Blocking incoming requests that do not come from a specific source hostname

What is the name of the domain?

example.com

What is the issue you’re encountering?

Can I block requests that are not coming from a specific hostname?

What steps have you taken to resolve the issue?

Good day all.
I am confused about how to handle the following scenario with a WAF rule.
For this example let’s say I have a zone called rad-example.com that has an API endpoint on
the path /my-api-endpoint/create-something.
This API endpoint will only accept POST requests from one of our outside partners called.
The WAF rule that I want to create would Block all requests to the /my-api-endpoint/create-something path that
are not POSTs and are not coming from our outside partner’s hostname.

Here is my first attempt at this rule:

(http.request.uri.path eq "/my-api-endpoint/create-something" and
(http.request.method ne "POST" or not http.host contains "external-partner.com"))

Is this the proper way to accomplish my goal, or am I misunderstanding the use of host in this context?
Is host referencing my zone? Should I be using a condition that looks at the header information?

Again my goal is to make sure that only POST requests to a specified path can be made by a specific source hostname.
In this instance I do not want to use source IP or a list of IPs.

Thank you

Yes.

As you don’t want to use IP addresses, you’ll have to find something else in the request or header you can use to identify that it is coming from somewhere trusted, such as User-Agent or other. Note that those can be spoofed though, so it’s not secure, only obscured.
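To make the point of the reply concrete, here is an added example (not code from the thread or from Cloudflare) that models the request fields a WAF rule sees and evaluates both the first attempt and a header-based variant against constructed requests. It assumes Cloudflare's documented field names (http.host, http.request.method, http.request.uri.path, http.request.headers); the request objects and the x-partner-id header are constructed for illustration.

```python
# Added example: a small model of the fields a WAF rule evaluates, showing why the
# first attempt blocks the partner's own POSTs. http.host is the Host header the client
# sent, i.e. the zone being requested (rad-example.com), never the caller's hostname.

PATH = "/my-api-endpoint/create-something"
PARTNER_HEADER = "x-partner-id"   # hypothetical header the partner agrees to send

def original_rule(req):
    """The thread's first attempt:
    (http.request.uri.path eq PATH and
     (http.request.method ne "POST" or not http.host contains "external-partner.com"))
    Returns True when the request would be BLOCKED."""
    return req["http.request.uri.path"] == PATH and (
        req["http.request.method"] != "POST"
        or "external-partner.com" not in req["http.host"]
    )

def header_rule(req, expected_value):
    """Header-based variant, as the reply suggests: block anything on PATH that is not
    a POST carrying the agreed header value. Returns True when the request is BLOCKED."""
    headers = req["http.request.headers"]   # header name -> list of values
    return req["http.request.uri.path"] == PATH and (
        req["http.request.method"] != "POST"
        or expected_value not in headers.get(PARTNER_HEADER, [])
    )

def make_request(method, headers=None):
    # Constructed request: whichever client sends it, Host is the zone it is asking for.
    return {
        "http.host": "rad-example.com",
        "http.request.method": method,
        "http.request.uri.path": PATH,
        "http.request.headers": headers or {},
    }

partner_post = make_request("POST", {PARTNER_HEADER: ["partner-value"]})
anonymous_post = make_request("POST")
partner_get = make_request("GET", {PARTNER_HEADER: ["partner-value"]})

if __name__ == "__main__":
    # The first attempt blocks the partner too: http.host is never "external-partner.com".
    print("original rule blocks partner POST:", original_rule(partner_post))                  # True
    print("header rule blocks partner POST:  ", header_rule(partner_post, "partner-value"))   # False
    print("header rule blocks anonymous POST:", header_rule(anonymous_post, "partner-value")) # True
    print("header rule blocks partner GET:   ", header_rule(partner_get, "partner-value"))    # True
```

As the reply warns, any client that sends the agreed header value passes the header rule, so it distinguishes callers but does not authenticate them.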

Thank you for the response! Understood and thank you for the sanity check that http.host is referring to my zone.
