Hello, I tried to make a WAF rule to filter GET requests to my site and block all requests for which the URI path does not equal "/". But I can still see IPs that can request GET /.env or GET /config.json or GET /telescope/requests and so on. Do WAF rules work after all?
My WAF rule is (http.request.uri.path ne "/")
Is your DNS record proxied?
Otherwise, what is the domain?
Yes, it is proxied.
Do you have any other rules set that may skip subsequent ones?
Must I give you my domain? Just answer my question if you know.
I have only one rule, the one that I posted.
I also made a rule to filter GET /cgi-bin/luci and block it; it cannot find luci and the request still passes.
WAF rules work if set correctly, so without the domain to actually check it’s impossible to guess what might be happening.
OK, thanks a lot.
You can put the domain in here if you want me to see it and take a look…
https://cf.sjr.org.uk/tools/check