Block requests with explicit port declaration

For months, someone has been DDoSing my site, but in a very distinct way: The host always contains an explicit port declaration, i.e. example dot com:443, and so I’d like to just block such requests:

I’ve tried writing the following firewall rule to block the requests, but it doesn’t seem to match them: (raw.http.request.full_uri contains ":443") or (raw.http.request.full_uri contains ":80")

Does anyone know how I’d go about doing this?

Could you try (http.host contains ":")?

1 Like

Tried that in the past, unfortunately doesn’t work either :frowning_face:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.