How to apply different waf rules for different webservices under the same domain

stefan.juon · March 13, 2023, 1:28pm

Hi folks
I am a little confused at the moment about how to configure different waf rules for different webservices under the same domain. Let’s say:

My domain is domain.org
Webservice A ist a.domain.org
Webservice B is b.domain.org

The WAF custom rules are configured on the domain level domain.org, so how can I configure different WAF custom rules for the two webservices a.domain.org and b.domain.org? Do I have to provide the “referer” in the ruleset?

If there is some a howto or another post which I did not notice yet you are welcome to point me to that.

Thanks, Stefan

cbrandt · March 13, 2023, 2:37pm

You can use the hostname field to make a rule apply only to a subdomain:

stefan.juon · March 17, 2023, 6:35am

Yes, triggering on the hostname works perfectly fine - as well as triggering on the referer. I understood, that I have one ruleset for all services to be protected over the domain in Cloudflare.

system · March 20, 2023, 6:36am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.