Hello! I created rule in WAF to block request by header. I used expression:
any(lower(http.request.headers.names[*])[*] == "X-SONDE")
But i still can get requested resource even with X-SONDE header… There is no other rules.
What i’m doing wrong?
You are converting the incoming header to lowercase, but comparing to the UPPERCASE version. Change to:
any(lower(http.request.headers.names[*])[*] == "x-sonde")
Thanks! It works!
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.