Creating firewall rule expression to look at headers

Is it possible to create a firewall rule that looks at headers? I can’t find headers in the dropdown of Field just things like User Agent and IP.

Yes, the option “Request method” should do it if you are looking for that one?

Or rather this one (which I believe requires an Enterprise plan)?

Maybe it is possible to achieve something using Cloudflare workers, not sure, I haven’t tested it yet.

1 Like

Oh wow thank you this one worked!!

not any(lower(http.request.headers.names[*])[*] contains "x-csrf-token") and (http.request.full_uri eq "https://www.example.com/somepath")

Thanks so much.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.