Double slashes as WAF Rule

Does anyone know how to create a WAF Rule that blocks Double Slashes (the ones right after the TLD)? I know the htaccess versions but would like to fix it in CF

For Example block:

but allow

You can enable WAF rule with ID 100053 to achieve this.


Thanks for the quick response. I assume this requires Pro level or up ?

It does indeed.

But you can also use the following Firewall Rule:

(http.request.full_uri contains "")

Just replace the host with your own.

I used http.request.full_uri because http.request.uri.path is already normalized (// -> /) and contains because using a regex is a paid feature if I recall correctly. This isn’t perfect, but should do the job.


Thank you!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.