How to use waf to block access to uri not with .jpg and .png

Hi Guys,

after reading the rule language, i was unable to setup a rule to block uri not contains .jpg and .png.
Anyone has an idea how to do this?

(http.host eq "xxx.com" and not http.request.uri contains "jpg") or (http.host eq "xxx.com" and not http.request.uri contains "png")

It should be host eq blah AND uri doesn’t contain jpg AND uri doesn’t contain PNG

So, if it’s that host AND it’s not jpg/png, then block.

Seems a strange rule. It’s only going to allow requests for JPGs and PNGs at that hostname.

1 Like

it works! thx @sdayman

1 Like

and also user better the uri whit dot → “.png” and “.jpg” not just “png” or “jpg”

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.