Create WAF rule to block access to files with predefined extensions

I have the Enterprise plan.
Is it possible to create a WAF rule to block access when someone tries to access files with certain extensions?
Even if that file does not exist.

Example:

example.com/*.log
*.example.com/*.log
example.com/assets/*.log
example.com/*.sql
example.com/images/*.sql

Or any other folder within the domain.

It is possible to edit Cloudflare’s firewall, see https://developers.cloudflare.com/firewall/cf-firewall-rules.
Business and Enterprise customers additionally have the option to use regular expressions in their firewall rules, so you could add one to your Cloudflare firewall that checks if the URI path ends with .sql.
You can check the documentation I linked above for more info on how to do that.

This topic was automatically closed after 30 days. New replies are no longer allowed.