Does anyone know how to create a WAF Rule that blocks Double Slashes (the ones right after the TLD)? I know the htaccess versions but would like to fix it in CF
For Example block:
http://www.example.com//welcome.html
but allow
You can enable WAF rule with ID 100053 to achieve this.
3 Likes
Thanks for the quick response. I assume this requires Pro level or up ?
It does indeed.
But you can also use the following Firewall Rule:
(http.request.full_uri contains "https://www.example.com//")
Just replace the host with your own.
I used http.request.full_uri because http.request.uri.path is already normalized (// -> /) and contains because using a regex is a paid feature if I recall correctly. This isn’t perfect, but should do the job.
3 Likes
Thank you!
1 Like
This topic was automatically closed after 30 days. New replies are no longer allowed.