Firewall to block POST with empty body

Is there a way to craft a firewall rule or WAF rule to block empty POSTs? Basically, my site experienced a DDoS which was partly successful due to the fact that it used uncached POSTs to legit URIs which are only served by GETs and have quite a good cache hit rate in normal situations.

In that case I’d block POSTs altogether

(http.request.uri.path in {"/path1" "/path2"} and http.request.method ne "GET")

I would like to report that I found that such a firewall rule is already provided in Cloudflare Specials, but it is disabled by default. The rules that must be enabled to block empty POSTs are 100074 and 100074b.

Together with Sandro’s suggested blocking of POSTs to non-POST URIs, it would be quite a nice combo.
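
A dry run of the two policies discussed in this thread (non-GET requests to GET-only paths, and POSTs with an empty body) over request logs, to see what they would match before switching a rule to block. This is an added example, not part of the original posts; the JSON-lines log format, its field names and the sample records are constructed assumptions.

```python
import json
from collections import Counter

# Paths taken from the expression in the thread; served by GET only.
GET_ONLY_PATHS = {"/path1", "/path2"}

# Constructed sample records. The field names (ip, method, path, body_bytes)
# are an assumed JSON-lines log format, not a Cloudflare log schema.
SAMPLE_LOG = """\
{"ip": "198.51.100.7", "method": "POST", "path": "/path1", "body_bytes": 0}
{"ip": "198.51.100.7", "method": "POST", "path": "/path2", "body_bytes": 0}
{"ip": "203.0.113.9", "method": "GET", "path": "/path1", "body_bytes": 0}
{"ip": "203.0.113.9", "method": "POST", "path": "/login", "body_bytes": 48}
{"ip": "192.0.2.44", "method": "POST", "path": "/login", "body_bytes": 0}
{"ip": "192.0.2.44", "method": "HEAD", "path": "/path2", "body_bytes": 0}
not json
"""

def classify(rec):
    """Return the set of policies a single request record would trip."""
    hits = set()
    method = str(rec.get("method", "")).upper()
    # Same logic as: path in {"/path1" "/path2"} and method ne "GET"
    if rec.get("path") in GET_ONLY_PATHS and method != "GET":
        hits.add("non_get_on_get_only_path")
    # Empty POST: body length is zero or absent from the record.
    if method == "POST" and not rec.get("body_bytes"):
        hits.add("empty_post")
    return hits

def dry_run(lines):
    """Count matches per policy and per client; skip unparseable lines."""
    per_policy, per_ip, skipped = Counter(), Counter(), 0
    for line in lines:
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if not isinstance(rec, dict):
            skipped += 1
            continue
        hits = classify(rec)
        per_policy.update(hits)
        if hits:
            per_ip[rec.get("ip", "unknown")] += 1
    return per_policy, per_ip, skipped

if __name__ == "__main__":
    print(dry_run(SAMPLE_LOG.splitlines()))
```

In the sample, the HEAD request to /path2 is counted under the first policy, since `ne "GET"` matches every other method, not only POST.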
