Custom WAF rule not working as it should

What is the name of the domain?

werkenbijvitahypotheekadvies.nl

What is the issue you’re encountering?

My custom rule: (http.request.full_uri wildcard r"https://portaal.werkenbijvitahypotheekadvies.nl/" and ip.src ne 92.111.216.10) or (http.request.full_uri wildcard r"https://portaal-staging.werkenbijvitahypotheekadvies.nl/" and ip.src ne 92.111.216.10) only works for the “staging-portaal” subdomain but not for the “portaal” subdomain.

What is the current SSL/TLS setting?

Full

Hello ‘mees.vanwel’,

Instead of having one rule, please try to separate this custom rule into two, one for https://portaal.werkenbijvitahypotheekadvies.nl/* and the other for https://portaal-staging.werkenbijvitahypotheekadvies.nl/*

Let us know after.

Cheers!

Thank you for your response. After separating them, sadly the problem occurs…

1: (http.request.full_uri wildcard r"https://portaal.werkenbijvitahypotheekadvies.nl/*" and ip.src ne 197.133.45.192)

2: (http.request.full_uri wildcard r"https://portaal-staging.werkenbijvitahypotheekadvies.nl/*" and ip.src ne 197.133.45.192)

Try to have it like this then:

1: (http.request.full_uri wildcard r"https://p…potheekadvies.nl/login/*" and ip.src ne 197.133.45.192)

I think I know what you mean, I’ve now used a wildcard to target both subdomains at once:

http.request.full_uri wildcard r"https://*portaal.werkenbijvitahypotheekadvies.nl/*"

But sadly exactly the same result: staging-portaal. gets blocked correctly whilst portaal. isn’t.
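
A local model of the rule expressions posted in this thread, added here as an example (it is not code from any poster or from Cloudflare), which checks each posted pattern against constructed request URIs. It assumes the `wildcard` operator matches the whole field value, case-insensitively, with `*` standing for zero or more characters. The function names, the client address 203.0.113.7 and the sample URIs are assumptions; both staging spellings that appear in the thread are included.

```python
import re
from ipaddress import ip_address

def wildcard_match(pattern: str, value: str) -> bool:
    """Assumed `wildcard` semantics: `*` is zero or more characters, the
    whole field value must match, and matching is case-insensitive."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, value, re.IGNORECASE | re.DOTALL) is not None

def rule_fires(pattern: str, allowed_ip: str, full_uri: str, src_ip: str) -> bool:
    """Models: (http.request.full_uri wildcard r"<pattern>" and ip.src ne <allowed_ip>)."""
    return (wildcard_match(pattern, full_uri)
            and ip_address(src_ip) != ip_address(allowed_ip))

DOMAIN = "werkenbijvitahypotheekadvies.nl"
ALLOWED = "197.133.45.192"  # allow-listed address as written in the thread
OTHER = "203.0.113.7"       # constructed client address (documentation range)

# Patterns as posted in the thread (the elided /login/ one is left out).
PATTERNS = {
    "original": f"https://portaal.{DOMAIN}/",
    "split-1": f"https://portaal.{DOMAIN}/*",
    "split-2": f"https://portaal-staging.{DOMAIN}/*",
    "combined": f"https://*portaal.{DOMAIN}/*",
}

# Constructed request URIs; both staging spellings from the thread appear.
URIS = [
    f"https://portaal.{DOMAIN}/",
    f"https://portaal.{DOMAIN}/login/?next=%2F",
    f"https://portaal-staging.{DOMAIN}/login/",
    f"https://staging-portaal.{DOMAIN}/login/",
]

def fired_by(pattern_name: str, src_ip: str = OTHER) -> list[str]:
    """Return the sample URIs for which the modelled rule would fire."""
    pattern = PATTERNS[pattern_name]
    return [u for u in URIS if rule_fires(pattern, ALLOWED, u, src_ip)]

if __name__ == "__main__":
    for name in PATTERNS:
        print(f"{name:9} {PATTERNS[name]}")
        for uri in fired_by(name):
            print(f"    fires on {uri}")
```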