Can I use "*" on a firewall rule on a PRO account?

daniel55 · November 12, 2020, 4:45pm

I need to let through all calls to urls ending in .php , but block any calls to urls ending in .ph .

The simplest seems to be something like (http.request.uri.path eq "*.ph") but I’m not sure if this syntax is enabled on a PRO account, because it doesn’t seem to work.

What would be the right way to do this?
Is it possible to extract the file extension from an uri, and do eq ".ph" ?
Or first allow all that contains php and after disallow all that contains ph ?

Any help will be appreciated.

sandro · November 12, 2020, 5:18pm

The closest you’d get with a Pro plan would be

(http.request.uri.path contains ".ph" and not http.request.uri.path contains ".php")

Everything more precise would require regular expressions which require a Business plan.

Workers would of course work too.

daniel55 · November 12, 2020, 5:01pm

That would be a very good approximation, thanks.
How could this be done with a worker?

sandro · November 12, 2020, 5:06pm

A Worker would require custom JavaScript code and keep in mind it is paid if you exceed the free limit.

daniel55 · November 12, 2020, 5:08pm

Thanks. Will see if this solve my problems, and will read up on firewalling through workers if I need more granularity.
Much appreciated.

sandro · November 12, 2020, 5:12pm

The expression above should be generally fine, as it is rather generic it will still have edge cases though.

/file.php.ph would still go through, whereas /file.ph.txt would be blocked.

Only with regular expressions you could narrow this down to the exact syntax but that would require aforementioned Business plan.

system · November 13, 2020, 5:12pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.