My site is being bombarded with requests like this one:
Those request are trying to exploit a vulnerability in the way OGNL expressions are being processed in Struts.
I’m trying to create a firewall rule to block them, without success. I suspect that it is because the code being injected appears as a #fragment part in the url and is not being filtered.
I’m right? Is there any way I can block those requests?