Cloudflare WAF Rules don't work exactly

joel-krs · January 18, 2025, 6:02pm

What is the name of the domain?

hypernex.xyz

What is the issue you’re encountering

I have set up WAF rules to make my sites more secure. However, if my pages on the “/” path are attacked, they are very badly affected by the attack. But if you attack “/register”, “/login” or “/auth/login” for example, everything will be blocked by cloudflare.

What steps have you taken to resolve the issue?

I’ve already tried changing my rules but none of my solutions work and the website still goes down.
I have sent a screenshot of my rules below

What is the current SSL/TLS setting?

Full (strict)

Screenshot of the error

sjr · January 18, 2025, 6:07pm

You need to rethink your rules. It’s impossible for a URI to start with /login AND start with /register for example, so that will always be false.

joel-krs · January 18, 2025, 6:40pm

Thank you

system · January 20, 2025, 6:41pm

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
WAF custom rule doesn't seem to work Security	2	45	January 19, 2025
WAF rules do not seem to take place Security	3	1172	December 22, 2022
WAF rules not working, is CF security a big joke? Security	10	352	May 9, 2024
WAF rules not working as expected Security	3	1113	December 1, 2022
WAF Not Active, cannot get rules to work Security	7	136	July 24, 2024