How To Block /dev.tar.gz /.sql extension hits on Cloudlfare WAF?

Hi Guys, I need help with blocking access to random pages specifically like /dev.tar.gz on WAF.

What have you tried so far? Can you share the site and rule?

Hi Cloonan - I tried the attached to control /xmlrpc.php page from accessing and it worked.

Screenshot 2023-03-28 at 9.11.42 AM2106×160 6.65 KB

Any help for me please?

How To Block /dev.tar.gz /.sql extension hits on Cloudlfare WAF?

You can simply create a firewall rule with:

(http.request.uri contains “xmlrpc.php”) or (http.request.uri contains “.tar”) or (http.request.uri contains “.gz”) or (http.request.uri contains “.sql”)

Below is also a list of a lot of file extensions that you may also like to block. You don’t need to use everything bellow. You can fine tune it to your user case and avoid false-positives.

(http.request.uri contains “.asa”) or (http.request.uri contains “.dat”) or (http.request.uri contains “.reset”) or (http.request.uri contains “.axd”) or (http.request.uri contains “backup”) or (http.request.uri contains “.bak”) or (http.request.uri contains “.bat”) or (http.request.uri contains “.cdx”) or (http.request.uri contains “.cer”) or (http.request.uri contains “.cfg”) or (http.request.uri contains “.cmd”) or (http.request.uri contains “.com”) or (http.request.uri contains “.conf”) or (http.request.uri contains “.cspro”) or (http.request.uri contains “.csr”) or (http.request.uri contains “.db”) or (http.request.uri contains “.dll”) or (http.request.uri contains “.dos”) or (http.request.uri contains “htaccess”) or (http.request.uri contains “htpass”) or (http.request.uri contains “.ida”) or (http.request.uri contains “.idc”) or (http.request.uri contains “.inc”) or (http.request.uri contains “.ini”) or (http.request.uri contains “.key”) or (http.request.uri contains “.lnk”) or (http.request.uri contains “.log”) or (http.request.uri contains “.mdb”) or (http.request.uri contains “.old”) or (http.request.uri contains “.gz”) or (http.request.uri contains “.pass”) or (http.request.uri contains “.psd”) or (http.request.uri contains “.pdb”) or (http.request.uri contains “.pdf”) or (http.request.uri contains “.print”) or (http.request.uri contains “.pdw”) or (http.request.uri contains “.rdb”) or (http.request.uri contains “.sql”) or (http.request.uri contains “.pol”) or (http.request.uri contains “.sqi”) or (http.request.uri contains “.swp”) or (http.request.uri contains “.swf”) or (http.request.uri contains “.vb”) or (http.request.uri contains “.vs”) or (http.request.uri contains “.webinf”) or (http.request.uri contains “.xs”) or (http.request.uri contains “.7z”) or (http.request.uri contains “.ab4”) or (http.request.uri contains “.ace”) or (http.request.uri contains “.afm”) or (http.request.uri contains “.as”) or (http.request.uri contains “.bash”) or (http.request.uri contains “.sh”) or (http.request.uri contains “.cfml”) or (http.request.uri contains “.bin”) or (http.request.uri contains “.ctl”) or (http.request.uri contains “.cgi”) or (http.request.uri contains “.eml”) or (http.request.uri contains “.eng”) or (http.request.uri contains “.env”) or (http.request.uri contains “.et”) or (http.request.uri contains “.exe”) or (http.request.uri contains “.fec”) or (http.request.uri contains “.jsp”) or (http.request.uri contains “.lqd”) or (http.request.uri contains “.make”) or (http.request.uri contains “passwd”) or (http.request.uri contains “adminpass”) or (http.request.uri contains “.mbf”) or (http.request.uri contains “.mmw”) or (http.request.uri contains “.mny”) or (http.request.uri contains “.mode”) or (http.request.uri contains “.one”) or (http.request.uri contains “.phtml”) or (http.request.uri contains “.pl”) or (http.request.uri contains “.prof”) or (http.request.uri contains “.psd”) or (http.request.uri contains “.pst”) or (http.request.uri contains “.py”) or (http.request.uri contains “.qd”) or (http.request.uri contains “.qb”) or (http.request.uri contains “.rar”) or (http.request.uri contains “.pt”) or (http.request.uri contains “.rdf”) or (http.request.uri contains “.sav”) or (http.request.uri contains “.sdb”) or (http.request.uri contains “.maria”) or (http.request.uri contains “.soa”) or (http.request.uri contains “.svn”) or (http.request.uri contains “.stx”) or (http.request.uri contains “.tax”) or (http.request.uri contains “.them”) or (http.request.uri contains “.tls”) or (http.request.uri contains “.tm”) or (http.request.uri contains “.wow”) or (http.request.uri contains “src”) or (http.request.uri contains “.xtm”) or (http.request.uri contains “.zip”) or (http.request.uri contains “.git”) or (http.request.uri contains “.clone”) or (http.request.uri contains “license”) or (http.request.uri contains “readme”) or (http.request.uri contains “._error”) or (http.request.uri contains “/conf”)

Thank you very much Demonhia!!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.