How to trigger JS Challenge for particular usecase

I need to trigger JS Challenge for all pages except the home page and some other pages which has paths like

/example-page.html
/test001.html
/xml4.js
/dsdAAAA.txt

And all other folders or files should be JS Challenged.

I tried to use this expression

(http.request.uri.path ne “/[0-9a-zA-Z-].(html|css|js|txt)” and http.request.uri.path ne “/”)

and didn’t work as expected. Any advice?

You need to use matches for regular expressions instead of equals:

https://developers.cloudflare.com/firewall/cf-firewall-language/operators

You can probably combine it into a single regex. I use debuggex.com to design & test these:

So (^/$|/[0-9a-zA-Z-]+.(html|css|js|txt)) should match the URLs you want to exclude - you can then put something like not http.request.uri.path matches "(^/$|/[0-9a-zA-Z-]+.(html|css|js|txt))"

2 Likes

It is showing unavailable operator?

So you would need to be on the Business or Enterprise plan to use regular expressions in your Firewall rules.

Without this, you would need to use equals but that will mean you’ll need to explicitly define each URL you want to trigger on (or not trigger on), or use the contains operators etc to do something without regular expressions.

Oh thank you for the reply.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.