Managed rules: referer

in the managed ruleset, i can find one regarding referer
Anomaly:Header:User-Agent, Anomaly:Header:referer 0fa48ed6287c4447b6cd89c4f59a8de9

is this equivalent to
not (http.referer eq “” or http.referer contains “http://” or http.referer contains “https://”)

where can i read what each rulset does ?

I tested this not (http.referer eq “” or http.referer contains “http://” or http.referer contains “https://”)
But it is matching so much traffic that seems to be real users. what is your view on this ?

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.