Firewall Blocking url that end with something

eldhose · May 3, 2020, 4:59pm

How do i block request to URLs that end with .php while ignoring it on query parameters. For example: https://example.com/url1.php , https://example.com/url2.php?ref=example.com/url1.php should be blocked since the URLs end with .php but need to allow request https://example.com/url2?ref=example.com/url1.php since .php is only present inside query parameter.

URLs that contains something in the URL only, but not on query parameter would solve this problem. But how do i set it up?

smalldoink · May 3, 2020, 5:08pm

You can block ?ref=*/*.php I think

eldhose · May 3, 2020, 5:17pm

hey there, i need to block .php only on URLs ( not on queries )

smalldoink · May 3, 2020, 5:19pm

https://example.com/url2.php?ref=example.com/url1.php Should be blocked?

eldhose · May 3, 2020, 5:21pm

yes since the url end with .php ignoring the query parameter.

cbrandt · May 3, 2020, 5:34pm

You should use the URI Path field to create a Firewall Rule. Unlike the URI field, URI:Path does not include the query string:

eldhose · May 3, 2020, 5:39pm

Thanks for the information, that works.

eldhose · May 3, 2020, 6:56pm

Hey just curious, instead of just check .php only, can we check for multiple things like .png , .webp , .jpg etc… at the same time

cbrandt · May 3, 2020, 7:00pm

Yes. All you need to do is list each extension on a different line, uniting them with the OR logical operator. So,

if
URI Path contains “.php” OR
URI Path contains “.webp” OR
…
then
Block/Challenge

eldhose · May 3, 2020, 7:01pm

Can’t we do that on a single?

cbrandt · May 3, 2020, 7:02pm

No, not as far as I know.

eldhose · May 3, 2020, 7:06pm

Blocking access to requests which does not contain in URL path .php , .html , .css , .js etc. is another problem while doing this way…

cbrandt · May 3, 2020, 7:11pm

I’m not so sure what you are trying to accomplish. You can always use more than one firewall rule, and order them in a way that fits your goals.

eldhose · May 3, 2020, 7:14pm

I’m now trying to block all other requests that does not end with .html , .css , .js , .png in a particular folder ignoring the query parameters.

cbrandt · May 3, 2020, 7:24pm

You’d need to use the AND logical operator instead of OR:

If
URI Path equals /folder-name/ AND
URI Path does not contain “.html” AND
URI Path does not contain “.css” AND
etc

If you need more suggestions, please open a separate topic to make its title more relevant to future viewers.

eldhose · May 3, 2020, 7:27pm

Sure i will ask it as a separate topic.

eldhose · May 3, 2020, 7:29pm

I’m now trying to block all other requests that does not end with .html , .css , .js , .png in a particular folder ignoring the query parameters.

eldhose · May 3, 2020, 7:30pm

system · June 2, 2020, 4:59pm

This topic was automatically closed after 30 days. New replies are no longer allowed.