Evidently "matches" is not allowed in WAF rules. How do you include an expression in a WAF rule

Evidently “matches” is not allowed in WAF rules. How do you include an expression in a WAF rule? I’m trying to block all p=any number queries. I did come up with this:
(http.request.uri.query matches “p=[0-9]+”)
However, I am told that I am using an unavailable operator.

Regex is available on Business plan or higher. If you do not use p=[number] at all, you can replace it with a group of 10 conditions:

http.request.uri.query contains "p=1" 
OR http.request.uri.query contains "p=2" 
OR ...
1 Like

Thank you. OK. I see that. That should be clearer on the WAF pages. Nothing there says expressions are not allowed on the pro plan. I just get an error and a link to how to use expressions.
Anyway, I accomplished the same thing in one of my Wordpress mu-plugins. I am now blocking all ?p= queries when the url matches “^/p=[0-9]+$” When I need to block things using an expression, I’ll code it inside Wordpress.
For a tiny one person business like mine, going from a pro plan to a business plan doesn’t make sense. It would be nice to block these queries at the edge, but it works just as well inside Wordpress.

2 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.