Block double slash requests

user94830 · November 24, 2020, 4:10am

Hi,

I am trying to block double slash requests such as “//?author=” using Firewall rules, but I can’t get it to work. I followed another thread here and I still cannot get it to work. I am a free user and tried the “http.request.full_uri” method, as shown in the linked thread.

Any help here would be appreciated.

Thanks.

sandro · November 24, 2020, 8:57am

Can you post the exact expression you tried?

user94830 · November 25, 2020, 12:20am

We have tried the following when creating a Firewall Rule:

Field: URI Full
Operator: Contains
Value: https://www.example.com//?author=

We have also tried the following, but still can’t get it to work:

Field: URI Full
Operator: Contains
Value: https://www.example.com//

Rules are placed as position one in the rule list and have no other conditions amongst them. Action is set to Block.

Thanks.

sandro · November 25, 2020, 12:36am

I can’t say whether it actually worked back in April, but I just ran a quick test and it would appear the URL is normalised for http.request.full_uri as well. Based on that I would assume it currently is not possible to check for double slashes with a firewall rule. You might be able to do this with a Worker, but even there it might be already being normalised before its sent onwards to the Worker.

Otherwise you could probably only use the WAF rule.

sandro · November 25, 2020, 12:49am

Workers actually appear to get the full URL, so you should be able to implement that block with Worker.

user94830 · November 25, 2020, 12:58am

Thank you for your research and testing, we appreciate it.

We will certainly look into that. Thanks again.

system · November 26, 2020, 12:58am

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.