Redirecting pages before WAF filtering

We have a static site of a few .html pages that is getting battered by spammers and bots and we would like to redirect the existing pages to use a .cfm suffix (we run Cold Fusion).

How would we do this in Cloudflare so that once all the redirects were in place we could then block all acess to *.html before the traffic hits our server. This would also mean our SEO links from google etc would remain active.

Thanks in advance, and hope this makes sense!

We have a static site of a few .html pages that is getting battered by spammers and bots and we would like to redirect the existing pages to use a .cfm suffix (we run Cold Fusion).

How would we do this in Cloudflare so that once all the redirects were in place we could then block all acess to *.html before the traffic hits our server. This would also mean our SEO links from google etc would remain active.

Thanks in advance, and hope this makes sense!

You cannot block requests, as you’d otherwise also block the redirect.

You can certainly already redirect on the proxies however, so .html requests would not even be forwarded to your server.

The easiest way would be with a page rule → https://dash.cloudflare.com/?to=/:account/:zone/rules

Thank you for this suggestion but surely the requests will still be send to the server?

If the original request is for /spam.html then that will change it to /spam.cfm and ask IIS at our end to serve the page. We need to block rogue .html requests so that only valid ones get through. Can we create a allowlist on Cloudflare of only our valid html pages?

Does this make sense?

The .cfm requests? Sure, that’s what you want.

What exactly do you want to achieve? What is “valid”? If you have a set of acceptable .cfm URLs, then you can certainly use a firewall rule to block all requests which are not for those files.

Hi Sandro - maybe this would help.

We want to only allow access to a specifi URLs such as:

https://1stchoicefacilities.co.uk/
https://1stchoicefacilities.co.uk/what-we-do.html
https://1stchoicefacilities.co.uk/cookie-policy.html

And block any other requests for .html files that are not in our definitive list.

We thought originally if we renamed the html files to .cfm then applied a universal block to all .html files that would fix it but I understand that can’t work.

Thanks for your patience!

That’s not a redirect however.

Anyhow, if you want to whitеlist only certain files, then you can use the following expression with a firewall rule

(http.request.uri.path contains ".html" and not http.request.uri.path in {"/what-we-do.html" "/cookie-policy.html"})
1 Like

Okay so that sounds perfect and won’t affect any other links or JS embedded in the good html files?

Much appreciated…

It will apply to all .html files and will only allow the ones listed.

We had to change http.request.uri.path at the start to http.request.full_uri and it worked thanks!

That should not be necessary and uri.path is actually better. But if it works.

No it didn’t work using uri.path. Worked right away when we went to full_uri

Thanks again though!