Cloudflare Firewall Regex Match not working

I am currently trying to enact a firewall rule on our platform that blocks URLs that end in a specific pattern.

The pattern I am trying to block is:
anything/darn[number]

Whenever the path ends in “/darn” followed by a number of any length, I want this to be blocked from being served.

A few examples:

example.com/darn1 would be blocked
example.com/darn345345 would be blocked
example.com/darn1example would NOT be blocked
example.com/exampledarn1 would NOT be blocked

I have tried enacting a firewall rule that blocks when the following regex matches:

(\/darn\d+)$

I have tried setting this rule with: “URI Full”, “URI”, and “URI Path” and the operator “matches regex”. None of these options have worked.

An example expression preview is: (http.request.full_uri matches "(\\/darn\\d+)$")

I have tested this expression in multiple Google RE2 online tools and all test cases have passed, so I am at a loss for what I’m doing wrong here. Any help would be appreciated.

Is this a Business or Enterprise plan? I believe those are the only plans that allow Regex in firewall rules.

@sdayman Yes, we’re on an enterprise plan.

1 Like

Is http.request.full_uri always lower case? Perhaps change to (?i)(/darn\d+)$ to make it case insensitive?

2 Likes

@freitasm I appreciate the suggestion. Unfortunately, yes, the string we’re looking to match is always lower case, so from what I can tell this would always match still.
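A local check of the pattern from the thread against each of the three fields that were tried, as an added example that is not part of any post above. Python's re module stands in for Cloudflare's regex engine (an assumption; the pattern uses no syntax on which the two differ), and the sample URLs are constructed. It goes beyond the four cases in the question by adding a query string and a trailing slash, because http.request.full_uri and http.request.uri include the query string while http.request.uri.path does not.

```python
import re
from urllib.parse import urlsplit

# Pattern exactly as posted in the thread (unescaped form).
PATTERN = re.compile(r"(\/darn\d+)$")

def fields(url):
    """Derive the values of the three fields tried in the thread from one URL."""
    parts = urlsplit(url)
    uri = parts.path + ("?" + parts.query if parts.query else "")
    return {
        "http.request.full_uri": f"{parts.scheme}://{parts.netloc}{uri}",
        "http.request.uri": uri,               # path plus query string
        "http.request.uri.path": parts.path,   # path only
    }

def evaluate(url):
    """Return, per field, whether the rule's regex would match for this URL."""
    return {name: bool(PATTERN.search(value)) for name, value in fields(url).items()}

# Constructed sample requests: the four cases from the question plus two extras.
SAMPLES = [
    "https://example.com/darn1",
    "https://example.com/darn345345",
    "https://example.com/darn1example",
    "https://example.com/exampledarn1",
    "https://example.com/darn1?ref=abc",   # query string after the number
    "https://example.com/darn1/",          # trailing slash after the number
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = [name for name, matched in evaluate(url).items() if matched]
        print(f"{url:40} matches on: {', '.join(hits) or 'none'}")
```

With a query string present, the `$` anchor only lines up with the end of the number in http.request.uri.path; with a trailing slash it lines up in none of the three fields.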
