Block paths with % in firewall rule

Hi,

I have created a firewall rule to block paths with %; however, it just doesn't work, even when I totally disable the URL normalization feature. The rule is:

http.request.uri.path contains "/%"

I can filter the URL with the same filter, Path contains /%, in the Analytics & Logs - Traffic page, the Security - Analytics page and the Security - Events page, but the firewall rule just doesn't take effect.

So is it impossible to create such a rule, or have I missed some important knowledge?

Any help will be greatly appreciated.

Sincerely,

That's really odd. I was trying it out in my test environment with the same rule as you described (http.request.uri.path contains "/%").
I tried a couple of random paths, and have been getting hits and blocks.


Is there any other filter in the rule?


Dear fjuarez,

Thanks very much for taking the time to check my question, and sorry for the late reply. :pray:

I did some tests on the rule again and found that, if I enable the Normalize incoming URLs setting (on the Rules > Settings page), the block rule takes effect: a URL with a path such as /%c0%ae/WEB-INF/web.xml will be blocked as expected.

However, when I disabled the Normalize incoming URLs setting, the rule won't take effect, which is really counterintuitive. Based on the document How URL normalization works, the URL should be kept as the original when the feature is disabled.

BTW, I want to keep the original URL without enabling the normalize URL feature, because I think I can create firewall block rules more easily.

I don't know whether I have done something wrong. If you have time, could you please try to check? :beer:

Sincerely

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
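
An added example, not part of the thread and not Cloudflare's code: this Python script evaluates the `contains "/%"` match against a raw path and against an RFC 3986-style normalized form of it, which is an assumed model of what URL normalization does. The function names are hypothetical, and every sample path except the one quoted in the thread is constructed.

```python
import re
import string

# Assumption: normalization follows RFC 3986 (decode unreserved characters,
# uppercase the remaining percent-escapes, remove dot segments).
UNRESERVED = set((string.ascii_letters + string.digits + "-._~").encode())
PCT = re.compile(r"%([0-9A-Fa-f]{2})")

def normalize_path(path):
    """Model of RFC 3986 path normalization (dot-segment removal simplified)."""
    def fix(m):
        byte = int(m.group(1), 16)
        return chr(byte) if byte in UNRESERVED else "%" + m.group(1).upper()
    out = []
    for seg in PCT.sub(fix, path).split("/"):
        if seg == "..":
            if len(out) > 1:      # never climb above the root
                out.pop()
        elif seg != ".":
            out.append(seg)
    return "/".join(out)

def has_overlong_utf8(path):
    """0xC0 and 0xC1 are never valid UTF-8 lead bytes (overlong encodings)."""
    return any(int(h, 16) in (0xC0, 0xC1) for h in PCT.findall(path))

def rule_matches(path):
    """Substring test equivalent to: http.request.uri.path contains "/%"."""
    return "/%" in path

def evaluate(raw):
    norm = normalize_path(raw)
    return {"raw_hit": rule_matches(raw), "normalized": norm,
            "normalized_hit": rule_matches(norm),
            "overlong": has_overlong_utf8(raw)}

SAMPLES = [
    "/%c0%ae/WEB-INF/web.xml",    # path quoted in the thread
    "/%61dmin/login",             # constructed: encoded unreserved letter
    "/%2e%2e/WEB-INF/web.xml",    # constructed: encoded dot segment
    "/files/report%20final.pdf",  # constructed: benign escape mid-segment
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, evaluate(s))
```

Under this model the thread's path still contains `/%` after normalization, while paths whose escapes decode to unreserved characters stop matching, so the same expression covers different requests depending on which form of the path the rule sees.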