Firewall filter to X-Requested-With

zawlinoo.zaw · September 13, 2019, 8:04am

Hi,

I want to filter http request from some android apps.
I found

GET /assets/mycss.css HTTP/1.1
Host: www.mydomain.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 SECSSOBrowserChrome
Accept: text/css,/;q=0.1
Referer: http://www.mydomain.com
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __cfduid=d34c29398b15404e5fc9b4693b45e7e301568257604; evo10iqjtx=3lnp3m823dasqetlkopbgc3kj4; _ga=GA1.2.1024607622.1568258843; _gid=GA1.2.1436762971.1568258843
X-Requested-With: com.theirappsname

I would like to know is there a firewall rule block by (x-requested-with)'s value.
Eg. http.x_requested_with eq “com.therappsname”

I only found x_forwarded_for rule .

sandro · September 13, 2019, 8:09am

Firewall rules do not support custom headers at this point. If you want to filter that on Cloudflare’s side, your only option would currently be to implement a custom worker.

zawlinoo.zaw · September 13, 2019, 8:30am

Hi,
How to filter on my server side.
I host on apache .

sandro · September 13, 2019, 8:32am

Thats a question for StackExchange or Reddit I am afraid.

system · October 13, 2019, 8:04am

This topic was automatically closed after 30 days. New replies are no longer allowed.

Topic		Replies	Views
Firewall Rule Seems to Not Work On Some Requests Rules	66	1461	July 14, 2023
How to block (Empty X-Requested-With header) Rules	2	5221	October 12, 2023
Block X-Requested-With headers Security	2	543	October 5, 2024
Verify origin of request Website, Application, Performance	10	2817	December 14, 2022
Blocking apps Security	12	3784	February 27, 2021

Firewall filter to X-Requested-With

Related topics