Firewall Blocking url that end with something

How do i block request to URLs that end with .php while ignoring it on query parameters. For example: https://example.com/url1.php , https://example.com/url2.php?ref=example.com/url1.php should be blocked since the URLs end with .php but need to allow request https://example.com/url2?ref=example.com/url1.php since .php is only present inside query parameter.

URLs that contains something in the URL only, but not on query parameter would solve this problem. But how do i set it up?

You can block ?ref=*/*.php I think

hey there, i need to block .php only on URLs ( not on queries )

https://example.com/url2.php?ref=example.com/url1.php Should be blocked?

yes since the url end with .php ignoring the query parameter.

You should use the URI Path field to create a Firewall Rule. Unlike the URI field, URI:Path does not include the query string:

image

Thanks for the information, that works.

1 Like

Hey just curious, instead of just check .php only, can we check for multiple things like .png , .webp , .jpg etc… at the same time

Yes. All you need to do is list each extension on a different line, uniting them with the OR logical operator. So,

if
URI Path contains “.php” OR
URI Path contains “.webp” OR

then
Block/Challenge

Can’t we do that on a single?

No, not as far as I know.

1 Like

Blocking access to requests which does not contain in URL path .php , .html , .css , .js etc. is another problem while doing this way…

I’m not so sure what you are trying to accomplish. You can always use more than one firewall rule, and order them in a way that fits your goals.

I’m now trying to block all other requests that does not end with .html , .css , .js , .png in a particular folder ignoring the query parameters.

You’d need to use the AND logical operator instead of OR:

If
URI Path equals /folder-name/ AND
URI Path does not contain “.html” AND
URI Path does not contain “.css” AND
etc

If you need more suggestions, please open a separate topic to make its title more relevant to future viewers.

1 Like

Sure i will ask it as a separate topic.

I’m now trying to block all other requests that does not end with .html , .css , .js , .png in a particular folder ignoring the query parameters.

1 Like
1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.