Evidently “matches” is not allowed in WAF rules. How do you include an expression in a WAF rule? I’m trying to block all p=any number queries. I did come up with this:
(http.request.uri.query matches “p=[0-9]+”)
However, I am told that I am using an unavailable operator.
Regex is available on Business plan or higher. If you do not use p=[number]
at all, you can replace it with a group of 10 conditions:
http.request.uri.query contains "p=1"
OR http.request.uri.query contains "p=2"
OR ...
Thank you. OK. I see that. That should be clearer on the WAF pages. Nothing there says expressions are not allowed on the pro plan. I just get an error and a link to how to use expressions.
Anyway, I accomplished the same thing in one of my Wordpress mu-plugins. I am now blocking all ?p= queries when the url matches “^/p=[0-9]+$” When I need to block things using an expression, I’ll code it inside Wordpress.
For a tiny one person business like mine, going from a pro plan to a business plan doesn’t make sense. It would be nice to block these queries at the edge, but it works just as well inside Wordpress.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.