Firewall not working as intended

I have a firewall rule

( eq "" and http.request.uri.path contains "/dash/" and any(http.request.headers["sec-fetch-dest"][*] != "script")) or ( eq "" and http.request.uri.path eq "/dash/" and http.request.uri.query ne "")

This firewall should block requests which don’t have the header sec-fetch-dest:script and in and path=/dash/. That works fine.

But when it comes to the second OR condition, it doesn’t. I have fetched the URL as GET, with header sec-fetch-dest:script, and path=/dash/ along with some queries, and the request isn’t getting blocked. => should be blocked even if it contains header, since it contains a query. => works fine if it contains header, else gets blocked

Is there something I am missing? This is the firewall rule of my site.

Why are you guys doing this? Previously, Header fields were not Enterprise. Only the Body fields were Enterprise. When I checked it today, the document was updated, making both Header and Body fields Enterprise.

