Rate Limit without wildcard

I’m using WAF Rate Limit with some bypasses for specific endpoints by filtering the path.
I have some longer and more complicated cases and I tried to use wildcards (*). This didn’t work.

Reading around, I noticed that Cloudflare doesn’t support wildcards (*).
I thought about ways to re-write the rule with contains but that will allow other endpoints that shouldn’t be bypassed.
My original rule was this:

(*) replaces the codes or IDs for the different fields.
I can’t really use parts of this URL path like I said, as that will hit other endpoints.

Is there any alternative to this method or way to specify an endpoint like that?

Hi there,

When you use * in a WAF rule, it will be seen as that not as any or all, so my suggestion is you create several lines with and to complete the general URI path you need, so for intance in that case you coud use:
URI PATH + does not contain + store
AND
URI PATH + does not contain + statement
AND
URI PATH + does not contain + codeid
AND
URI PATH + does not contain + account
AND
URI PATH + does not contain + save

See where I’m getting at? In the end it will only apply if it does not contain any of these elements but no wildcard was used.

Take care.

Yeah, I think I get your point. And the group that set of rules so they won’t be mixed with the other rules, right? I believe this supports grouping syntax like this “(rule1 AND rule2) AND rule3”
I’ll give it a try

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.