Firewall not working as intended

I have a firewall rule

(http.host eq "example.com" and http.request.uri.path contains "/dash/" and any(http.request.headers["sec-fetch-dest"][*] != "script")) or (http.host eq "example.com" and http.request.uri.path eq "/dash/" and http.request.uri.query ne "")

This firewall rule should block requests which don’t have the header sec-fetch-dest:script, for hostname=example.com and path=/dash/. That works fine.

But when it comes to the second OR condition, it doesn’t. I have fetched the URL with GET, with the header sec-fetch-dest:script, hostname=example.com and path=/dash/, along with some queries, and the request doesn’t get blocked.

https://example.com/dash/example.js?query=hiii => should be blocked even if it contains the header, since it contains a query.
https://example.com/dash/example.js => works fine if it contains the header, otherwise it gets blocked

Is there something I am missing? This is the firewall rule of my site.

Why are you guys doing this? Previously, Header fields were not on Enterprise. Only the Body fields were Enterprise. When I checked it today, the document had been updated, making both Header and Body fields Enterprise.
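The two OR clauses of the rule in the question can be evaluated separately against the two test URLs. The following is an added example, not part of the original posts and not Cloudflare's code: a simplified Python model of the expression, in which `clause_query_contains` is a hypothetical variant that reuses the `contains` match from the first clause. It shows that `/dash/example.js` never satisfies `http.request.uri.path eq "/dash/"`, so the query check in the second clause is never reached for that URL.

```python
from urllib.parse import urlsplit

def fields(url, headers):
    """Split a request into the fields the rule reads (simplified model)."""
    u = urlsplit(url)
    hdrs = {}
    for name, value in headers:
        # Header names are lowercased; each name maps to a list of values.
        hdrs.setdefault(name.lower(), []).append(value)
    # The query field holds the query string without the leading "?".
    return {"host": u.hostname, "path": u.path, "query": u.query, "headers": hdrs}

def clause_header(f):
    """First clause of the rule as written on the page."""
    dest = f["headers"].get("sec-fetch-dest", [])
    return (f["host"] == "example.com" and "/dash/" in f["path"]
            and any(v != "script" for v in dest))

def clause_query_eq(f):
    """Second clause as written: the path must equal "/dash/" exactly."""
    return f["host"] == "example.com" and f["path"] == "/dash/" and f["query"] != ""

def clause_query_contains(f):
    """Hypothetical variant: substring match on the path, as in clause one."""
    return f["host"] == "example.com" and "/dash/" in f["path"] and f["query"] != ""

def evaluate(url, headers):
    """Return each clause's result and the result of the rule as written."""
    f = fields(url, headers)
    header, query_eq = clause_header(f), clause_query_eq(f)
    return {"path": f["path"], "query": f["query"],
            "header_clause": header,
            "query_clause_eq": query_eq,
            "query_clause_contains": clause_query_contains(f),
            "rule_as_written": header or query_eq}

# Constructed sample requests based on the URLs in the question.
SAMPLES = [
    ("https://example.com/dash/example.js?query=hiii", [("Sec-Fetch-Dest", "script")]),
    ("https://example.com/dash/example.js", [("Sec-Fetch-Dest", "script")]),
    ("https://example.com/dash/?query=hiii", [("Sec-Fetch-Dest", "script")]),
]

if __name__ == "__main__":
    for url, headers in SAMPLES:
        print(url, evaluate(url, headers))
```

Only the third sample, whose path is exactly `/dash/`, matches the second clause as written.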
