I have a web service that allows AJAX requests from other domains. However, one domain is making too many requests and I’d like to block it temporarily. Here’s what a sample offending request looks like from my server logs:
- - [28/Mar/2024:15:12:36 +0000] "POST /analytics/events/add/ HTTP/1.1" 201 0 "https://.game-files.crazygames.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36"
So I added a rule to WAF like this: (http.referer contains "crazygames.com") with the action set to block.
However, I’m still seeing requests coming through and none of the requests are blocked. What am I doing wrong?