I’m trying to create a firewall rule that triggers a challenge based on the presence of a URL parameter in the query string. While I can create a regex that matches the specific param=value portion of the query string, I can’t seem to get the regex to match the entire query string.
I want to challenge any request that has
myparam=1234 in the URL (4 digits for the value).
myparam=12345 would not be challenged. I have a rule that handles this if the matched param+value is the only thing in the query sting. But if my query string is
foo=bar&myparam=1234, then the pattern doesn’t match. Here’s my pattern:
I’ve tried adding “" and ".” to the beginning and end in various places, but it basically gets ignored.
Anyone have a suggestion as to how to properly handle a wildcard for preceding and trailing params?