Managed rules: referer

Rocky.sy · September 13, 2023, 8:47am

in the managed ruleset, i can find one regarding referer
Anomaly:Header:User-Agent, Anomaly:Header:referer 0fa48ed6287c4447b6cd89c4f59a8de9

is this equivalent to
not (http.referer eq “” or http.referer contains “http://” or http.referer contains “https://”)

where can i read what each rulset does ?

Rocky.sy · September 17, 2023, 11:18am

I tested this not (http.referer eq “” or http.referer contains “http://” or http.referer contains “https://”)
But it is matching so much traffic that seems to be real users. what is your view on this ?