Here is a question about Firewall rules that use Match Regex. This is for Enterprise customers who want a simple way to block requests for file types that your website does not use.
We have a number of robots who request files trying to obtain information from our websites that might have been left “unprotected”. They request hundreds of .tar or .7z files with a variety of names. They request executable files that we do not furnish like .exe or .dll or even .cgi.
There is not a lot of information documented on Regular Expressions in the Cloudflare documentation, so let me share with you two very helpful links. Documentation on Regular Expressions is available here: https://medium.com/factory-mind/regex-tutorial-a-simple-cheatsheet-by-examples-649dc1c3f285
Even better is a testing tool found here. I like this tool in particular because it allows you to asses how simple or complex your regular expression is from a runtime performance perspective. You want your regular expression to execute as quickly as possible! See this tool: https://regex101.com/r/cO8lqs/11
What we have tried to do is block many of the most popular requested file types that our sites do not furnish. We have a Firewall rule that blocks
URI Matches .+\.(exe|dll|cgi|tar|7z|rar|gz|sql|bck|bak|bz2|tgz)$
(http.request.uri matches “.+\\.(exe|dll|cgi|tar|7z|rar|gz|sql|bck|bak|bz2|tgz)$”)
But this does not actually work! Do you have any suggestions?