Firewall rules for hotlink protection blocked entire web site

This post was flagged by the community and is temporarily hidden.

Your rule essentially blocks everything that does not come with the referrer you specified. As the referrer is furthermore not even a valid value, it will block everything.

What is it exactly you want to have protected against third party links? Only a few ZIP files?


Hi Sandro,

Thank you for the reply.

Because I host downloadable zip files on my web site, which I do not want people to be able to download directly via URL.

All downloads must be initiated from my web site, hence I put the referrer there only from my web site.

Not sure if that makes sense? I was using CDN logic to configure this firewall.

Andy

So, only ZIP files and no other resources?

This post was flagged by the community and is temporarily hidden.

In that case you could try this

(http.request.uri.path contains ".zip" and not http.referer contains "YOURDOMAIN.TLD" and http.referer ne "")

I see, wonderful.

Thank you so much, and I shall try it now.

Andy

This post was flagged by the community and is temporarily hidden.

Do I have to use contains for referrer? I will try contains now.

Hi Sandro,

Tried this, still the same result, the full site gets blocked.

(http.request.uri.path contains ".zip" and not http.referer contains "example dot com") or (not http.referer contains "www dot example dot com")

I think I have worked it out: instead of checking the file format, I check the URI path.

HTTP/2 403

date: Fri, 13 Mar 2020 11:05:36 GMT

content-type: text/plain; charset=UTF-8

set-cookie: __cfduid=d972073ef58fac93cb51e2841e5b2d6a61584097536; expires=Sun, 12-Apr-20 11:05:36 GMT; path=/; domain=.ccccxxxxx HttpOnly; SameSite=Lax; Secure

cache-control: max-age=15

expires: Fri, 13 Mar 2020 11:05:51 GMT

expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"

alt-svc: h3-27=":443"; ma=86400, h3-25=":443"; ma=86400, h3-24=":443"; ma=86400, h3-23=":443"; ma=86400

server: cloudflare

cf-ray: 573547e34c87cc1c-SIN

That rule cannot block the entire site.

Actually, I spoke too soon. If I use the URI path, it is actually blocking each individual file; the entire site is OK.

If I use .zip, the entire site is blocked.

Andy

This rule actually really blocked the entire site.

Again, the rule in question cannot block the entire site.

Post a test link and screenshots of your firewall rule.
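
The two expressions posted in the thread, modelled as Python predicates over constructed sample requests. This is an added illustration, not part of the original thread and not Cloudflare's rule engine; it shows which requests each expression matches. It assumes the placeholder domain example.com and treats `contains` as a case-sensitive substring test.

```python
# Added illustration: True means the firewall expression matches,
# i.e. the request would be blocked by a rule with a "block" action.
SITE = "example.com"  # placeholder domain (assumption)


def suggested(path, referer):
    # (http.request.uri.path contains ".zip"
    #  and not http.referer contains SITE and http.referer ne "")
    return ".zip" in path and SITE not in referer and referer != ""


def with_or_clause(path, referer):
    # (path contains ".zip" and not referer contains SITE)
    #   or (not referer contains "www." + SITE)
    # The second parenthesis has no path condition, so it applies to every URL.
    return (".zip" in path and SITE not in referer) or ("www." + SITE not in referer)


# Constructed sample requests: (description, URI path, Referer header value)
REQUESTS = [
    ("typed URL, home page", "/", ""),
    ("search engine click", "/downloads/", "https://search.invalid/?q=x"),
    ("internal page link (www)", "/about", "https://www.example.com/"),
    ("internal page link (apex)", "/about", "https://example.com/"),
    ("zip from own page", "/files/a.zip", "https://www.example.com/downloads/"),
    ("zip hotlinked elsewhere", "/files/a.zip", "https://other.invalid/page"),
    ("zip, no referer", "/files/a.zip", ""),
]


def blocked_by(rule):
    """Return the descriptions of the sample requests the expression matches."""
    return [name for name, path, ref in REQUESTS if rule(path, ref)]


if __name__ == "__main__":
    for rule in (suggested, with_or_clause):
        print(f"{rule.__name__}:")
        for name in blocked_by(rule):
            print(f"  blocked: {name}")
```
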
