Firewall filter to X-Requested-With


I want to filter http request from some android apps.
I found

GET /assets/mycss.css HTTP/1.1
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/75.0.3770.142 Safari/537.36 SECSSOBrowserChrome
Accept: text/css,/;q=0.1
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: __cfduid=d34c29398b15404e5fc9b4693b45e7e301568257604; evo10iqjtx=3lnp3m823dasqetlkopbgc3kj4; _ga=GA1.2.1024607622.1568258843; _gid=GA1.2.1436762971.1568258843
X-Requested-With: com.theirappsname

I would like to know is there a firewall rule block by (x-requested-with)'s value.
Eg. http.x_requested_with eq “com.therappsname”

I only found x_forwarded_for rule .

Firewall rules do not support custom headers at this point. If you want to filter that on Cloudflare’s side, your only option would currently be to implement a custom worker.

1 Like

How to filter on my server side.
I host on apache .

Thats a question for StackExchange or Reddit I am afraid.

1 Like