Header blocking In WAF is not working

Hello! I created rule in WAF to block request by header. I used expression:

any(lower(http.request.headers.names[*])[*] == "X-SONDE")

But i still can get requested resource even with X-SONDE header… There is no other rules.
What i’m doing wrong?

You are converting the incoming header to lowercase, but comparing to the UPPERCASE version. Change to:

any(lower(http.request.headers.names[*])[*] == "x-sonde")

Thanks! It works!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.