DDOS'd regularly, want to ban empty headers with this expression, please help

What is the name of the domain?

example.com

What is the issue you’re encountering

The rule won’t deploy and I’m receiving attacks from empty response headers every day.

What steps have you taken to resolve the issue?

Tried to amend the expression, started a support case over two weeks ago with CF but no answer.

What are the steps to reproduce the issue?

Enter this expression, intended to ban empty response headers:

(not http.request.headers[“x-requested-with”] has “” or not http.request.headers[“x-requested-with”] has “x-requested-with”)
and (http.request.full_uri contains “example.co.uk/*”)

Screenshot of the error

Try this instead. It says if the header value is NOT longer than zero:

(not len(http.request.headers["x-requested-with"]) > 0)

2 Likes