Double slashes as WAF Rule

Does anyone know how to create a WAF Rule that blocks Double Slashes (the ones right after the TLD)? I know the htaccess versions but would like to fix it in CF

For Example block:

http://www.example.com//welcome.html

but allow

http://www.example.com/welcome.html

You can enable WAF rule with ID 100053 to achieve this.

3 Likes

Thanks for the quick response. I assume this requires Pro level or up ?

It does indeed.

But you can also use the following Firewall Rule:

(http.request.full_uri contains "https://www.example.com//")

Just replace the host with your own.

I used http.request.full_uri because http.request.uri.path is already normalized (// -> /) and contains because using a regex is a paid feature if I recall correctly. This isn’t perfect, but should do the job.

3 Likes

Thank you!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.