I currently have added a custom WAF rule to add a Challenge on nekonya, but the issue is that the challenge spreads to the api and static image serving (/api and /images).
What steps have you taken to resolve the issue?
I did not resolve this issue, and that’s why I’m asking here for help.
Was the site working with SSL prior to adding it to Cloudflare?
I do not know anything i could do to fix this, i haven’t tried anything else than my current setup. Having the conditions “does not start with /api” and /images should do the job, but it does not.
Ah yes, my fault, I forgot to share this.
I think the expression preview would be more useful for you:
(http.host eq "nekonya.classydev.fr" and not starts_with(http.request.uri.path, "/api/") and not starts_with(http.request.uri.path, "/static/") and http.request.method eq "GET")
It seems to work as expected from my end, considering the expression?
https://nekonya.classydev.fr/api/test
https://nekonya.classydev.fr/api
https://nekonya.classydev.fr/static/test
https://nekonya.classydev.fr/static
None of those four are giving me any challenges.
But when trying URLs such as e.g.:
https://nekonya.classydev.fr
https://nekonya.classydev.fr/test
Those two are:
That said, - one thing I do notice:
Could the issue be that you’ve excluded “/static” (according to the expression), but been under the impression that you had also excluded “/images” (which you haven’t, according to the expression)?
“/images” isn’t excluded according to the expression, and that’s consistent with what I see from my end.
Yep, seems to have been just a dumb issue of a slash at the end I must’ve added sometime, and the fact that I didn’t add /images in the list. Thanks for your time!