How to white-list certain URLs?

When I enable Firewall --> Cloudflare Managed Rules, then parts of my application break, because sometimes my clients send requests using the browser’s fetch API to an endpoint /s3direct/ in order to receive a signed request to then upload an image directly into an S3 bucket.

I have tried to add a Firewall Rule that always allows requests to that endpoint. The expression looks like this:

(http.request.uri.path contains "/s3direct/")

However, this does not seem to help. I assume that the managed rules take precedence over the self-made rules.

Is there any way to solve this?

You need to use Bypass instead of Allow as the action.

Bypass - WAF Managed Rules.

Hmm… I tried that, but it still does not work.

My requests get blocked with this Rule name: 949110: Inbound Anomaly Score Exceeded.

I have changed my custom rule to Bypass and selected everything except User Agent Block, Hotlink Protection and Zone Lockdown.

How many firewall rules do you have?

Mind providing a screenshot of that?

Just one to whitelist a few URLs that contain certain paths.

Expression looks like this:

(http.request.uri.path contains "/s3direct/") or (http.request.uri.path contains "/api/")

Some googling revealed that 949110: Inbound Anomaly Score Exceeded means that too many of the OWASP rules triggered.

So does that mean that OWASP rules cannot be bypassed?
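Before widening a managed-rules bypass to paths like these, it is worth checking which requests the expression actually covers. The following is an added example, not code from the thread or from Cloudflare: a small Python evaluator for the path clauses used above, run over constructed sample paths. It models Cloudflare's `contains` operator as a plain substring match and, for comparison, a `starts_with`-style prefix match (the operator names are assumptions about the rules language; the evaluator itself is not Cloudflare's engine).

```python
# Added example (not from the thread, not Cloudflare's code): evaluate the
# OR-ed path clauses of a "bypass managed rules" firewall expression against
# sample request paths, to see how much traffic the bypass would exempt.
# Assumption: each clause tests http.request.uri.path with either a substring
# match ("contains") or a prefix match ("starts_with").

from dataclasses import dataclass
from typing import List


@dataclass(frozen=True)
class PathClause:
    """One clause such as (http.request.uri.path contains "/api/")."""
    operator: str  # "contains" (substring) or "starts_with" (prefix)
    value: str

    def matches(self, path: str) -> bool:
        if self.operator == "contains":
            return self.value in path
        if self.operator == "starts_with":
            return path.startswith(self.value)
        raise ValueError(f"unsupported operator: {self.operator}")


def bypass_applies(clauses: List[PathClause], path: str) -> bool:
    """Clauses are OR-ed, as in the expression posted in the thread."""
    return any(c.matches(path) for c in clauses)


def bypassed_paths(clauses: List[PathClause], paths: List[str]) -> List[str]:
    """Return the subset of paths the bypass rule would exempt from the WAF."""
    return [p for p in paths if bypass_applies(clauses, p)]


# Constructed sample paths (not real traffic).
SAMPLE_PATHS = [
    "/s3direct/",
    "/s3direct/get_upload_params/",
    "/api/users/",
    "/static/api/docs.html",  # contains "/api/" but is not under the API root
    "/admin/",
]

# The thread's expression: substring match on both path fragments.
CONTAINS_CLAUSES = [PathClause("contains", "/s3direct/"),
                    PathClause("contains", "/api/")]

# A narrower alternative anchored to the start of the path.
PREFIX_CLAUSES = [PathClause("starts_with", "/s3direct/"),
                  PathClause("starts_with", "/api/")]


if __name__ == "__main__":
    print("contains  :", bypassed_paths(CONTAINS_CLAUSES, SAMPLE_PATHS))
    print("starts_with:", bypassed_paths(PREFIX_CLAUSES, SAMPLE_PATHS))
```

The difference between the two runs is the point: a `contains` clause exempts every path that has the fragment anywhere in it, while a prefix clause limits the exemption to the intended endpoints, which keeps the managed rules in force for the rest of the site.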

Does your WAF UI look like this?

Or this:

It looks like the first screenshot. When I disable OWASP, things seem to work, but I guess having OWASP would be better, so I wonder if it is simply not possible to bypass those?

The first screenshot represents the new WAF engine that Cloudflare released recently (less than 2 weeks ago).

But I heard that they might have issues in bypassing the new WAF when the user specifies it in the firewall rules.

Oh wow, good to know. So this could be a bug in Cloudflare? Would it make sense for me to send an email to their team or are they monitoring this board?


Yup, but they are working on it.

You may send them an email so they are more aware of this issue :laughing:

Cool. Thanks again for your help!

