Can I use "*" on a firewall rule on a PRO account?

I need to let through all calls to urls ending in .php , but block any calls to urls ending in .ph .

The simplest seems to be something like (http.request.uri.path eq "*.ph") but I’m not sure if this syntax is enabled on a PRO account, because it doesn’t seem to work.

What would be the right way to do this?
Is it possible to extract the file extension from an uri, and do eq ".ph" ?
Or first allow all that contains php and after disallow all that contains ph ?

Any help will be appreciated.

The closest you’d get with a Pro plan would be

(http.request.uri.path contains ".ph" and not http.request.uri.path contains ".php")

Everything more precise would require regular expressions which require a Business plan.

Workers would of course work too.

1 Like

That would be a very good approximation, thanks.
How could this be done with a worker?

A Worker would require custom JavaScript code and keep in mind it is paid if you exceed the free limit.

Thanks. Will see if this solve my problems, and will read up on firewalling through workers if I need more granularity.
Much appreciated.

The expression above should be generally fine, as it is rather generic it will still have edge cases though.

/ would still go through, whereas / would be blocked.

Only with regular expressions you could narrow this down to the exact syntax but that would require aforementioned Business plan.

1 Like

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.