I have a firewall rule
(http.host eq "example.com" and http.request.uri.path contains "/dash/" and any(http.request.headers["sec-fetch-dest"][*] != "script")) or (http.host eq "example.com" and http.request.uri.path eq "/dash/" and http.request.uri.query ne "")
This firewall should block requests which don’t have the header sec-fetch-dest:script and in
hostname=example.com and path=/dash/. That works fine.
But when it comes to the second OR condition, it doesn’t. I have fetched the url as GET, with header sec-fetch-dest:script,
hostname=example.com and path=/dash/ along with some queries, the request isn’t get blocked.
https://example.com/dash/example.js?query=hiii => should be blocked even if it contains header, since it contains a query.
https://example.com/dash/example.js => works fine if it contains header, else get blocked
Is there something i am missing? This is the firewall rule of my site.