New Page rule migration is not working

I have a page rule to disable browser integrity for the following URL, *api.example.com/*, and as page rules are deprecated, this rule isn’t working. So now I am creating a similar rule in Configure rule and created the following: (http.host contains "api.example.com")
But it isn’t working. Kindly help and suggest.

To test your rule, use Trace, and type in a URL to see if it triggers that configuration rule:

In Trace, I set a GET request for the URL api.example.com. It fetched a rule, and the following JSON is displayed in the page rule details:

{
  "step_name": "f7326dd69b684b0495591a390ca11352",
  "type": "rule",
  "matched": true,
  "action_parameter": {
    "bic": false
  },
  "expression": "(http.host contains \"api.example.com\")",
  "description": "*api.example.com/*",
  "action": "set_config"
}

But how can I validate whether the page rule is working for “Browser Integrity Check”?

This should trigger BIC:

curl -svo /dev/null https://api.example.com -H "User-Agent:CherryPicker v5.0"


Hello,

The following is the output of the command, which I ran in my terminal. (Please consider api.example.com as my website name.)

curl -svo /dev/null https://api.example.com -H "User-Agent:CherryPicker v5.0"
*   Trying 2606:4700:20::681a:22c:443...
* TCP_NODELAY set
* Connected to api.example.com (2606:4700:20::681a:22c) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4223 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=example.com
*  start date: Jun  3 01:52:47 2024 GMT
*  expire date: Sep  1 01:52:46 2024 GMT
*  subjectAltName: host "api.example.com" matched cert's "*.example.com"
*  issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1P5
*  SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x556bda36f650)
} [5 bytes data]
> GET / HTTP/2
> Host: api.example.com
> accept: */*
> user-agent:CherryPicker v5.0
> 
{ [5 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [238 bytes data]
* old SSL session ID is stale, removing
{ [5 bytes data]
* Connection state changed (MAX_CONCURRENT_STREAMS == 100)!
} [5 bytes data]
< HTTP/2 200 
< date: Sat, 08 Jun 2024 04:22:51 GMT
< content-type: text/html
< x-frame-options: SAMEORIGIN
< strict-transport-security: max-age=63072000; includeSubdomains; preload
< x-content-type-options: nosniff
< last-modified: Fri, 12 Apr 2024 11:17:38 GMT
< vary: Accept-Encoding
< content-security-policy: frame-ancestors 'self';
< cf-cache-status: DYNAMIC
< report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9RtkfX6aWgq07JdkSCtJObUJIw4i%2FdQncPihSXeXSSkJ92EVZ3JElyXLEdb74FYoDmboY%2BFST5dpRpyxGuNfM%2BUzg%2B80kGx2DS33lrSzmeSL7B%2FktWxTmocU0BZtMlxjzDf1S0AZ2xt93CJAkgaWqfGe1uU%3D"}],"group":"cf-nel","max_age":604800}
< nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
< server: cloudflare
< cf-ray: 89061a6e5a300e38-BOM
< alt-svc: h3=":443"; ma=86400
< 
{ [5 bytes data]
* Connection #0 to host api.example.com left intact
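
Added example, not part of the thread and not Cloudflare's code: one way to read the two pieces of evidence above together, the Trace step (a matched `set_config` rule with `"bic": false`) and the response to the curl test request. It assumes a Browser Integrity Check block shows up as an HTTP 403 served by Cloudflare; the function names and verdict labels are hypothetical, and the sample inputs are constructed from the shape of the output posted above.

```python
import json
import re

# Constructed samples, trimmed to the shape of the Trace step and curl output in the thread.
TRACE_STEP = r'''{"type": "rule", "matched": true, "action": "set_config",
  "action_parameter": {"bic": false},
  "expression": "(http.host contains \"api.example.com\")"}'''
CURL_VERBOSE = """> GET / HTTP/2
> user-agent:CherryPicker v5.0
< HTTP/2 200 
< content-type: text/html
< server: cloudflare
< 
"""

def trace_disables_bic(step_json):
    """True when the Trace step is a matched set_config rule with bic set to false."""
    step = json.loads(step_json)
    return (step.get("type") == "rule" and step.get("matched") is True
            and step.get("action") == "set_config"
            and step.get("action_parameter", {}).get("bic") is False)

def parse_curl_response(verbose):
    """Return (status, headers) of the last response in `curl -sv` output ('<' lines)."""
    status, headers = None, {}
    for line in verbose.splitlines():
        if not line.startswith("<"):
            continue
        text = line[1:].strip()
        m = re.match(r"HTTP/[\d.]+\s+(\d{3})", text)
        if m:  # a new status line starts a new response (e.g. after a redirect)
            status, headers = int(m.group(1)), {}
        elif ":" in text:
            name, value = text.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return status, headers

def bic_verdict(step_json, verbose):
    """Combine both observations into one of three labels."""
    status, headers = parse_curl_response(verbose)
    if status is None or headers.get("server") != "cloudflare":
        return "inconclusive"  # no response seen, or it did not pass through the proxy
    if status == 403:
        return "blocked"  # assumption: a BIC block is a 403; other rules or the origin can also send 403
    return "bic-disabled" if trace_disables_bic(step_json) else "inconclusive"

if __name__ == "__main__":
    print(bic_verdict(TRACE_STEP, CURL_VERBOSE))
```

A "blocked" verdict does not by itself identify BIC as the cause, so confirm which feature acted on the request in the zone's security event log before changing the rule.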