Cloudflare Firewall rule for Form Submit


I have a private message form on my website for my customers to contact each other.

I want to stop spammers using the form to send email addresses and web addresses to my customers. So I created a rule to search for .com when the form is used, with a block if the rules apply.

I have created a rule that contains the uri:
(http.request.uri.query contains “modules.php?mod=Private_Messages” and http.request.uri contains “.com”)

But this does not work, I can send a message containing .com OK . Can anyone suggest a solution?

Many thanks

I am assuming your form submits the fields via the request body do this you would need to build a rule based on the request body:

So this is possible, but it is Enterprise only at this time. As an alternative you might be able to identify the spam in a different way - e.g. by the country / network or some other characteristic that you can build a firewall rule on, or you could challenge the form submission.

Hi Simon,

Thanks for your help. I subscribe to the Professional plan, that is a shame the service is only available to Enterprise users, as it would remove a lot of spam users from my site. I use other rules but the spammers just work around them using proxy servers etc,.

Thanks again for your help.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.