I have created some rules at DOMAIN > Security > Security rules
For example:
(http.request.method ne "GET" and not len(http.request.headers["upgrade"]) > 0 and not len(http.request.headers["connection"]) > 0 and all(http.request.headers["upgrade"][*] ne "websocket") and all(http.request.headers["connection"][*] ne "upgrade"))
But testing it on a connection to my tunnel, the rules don't seem to work.
So, these rules don't apply to Cloudflare Tunnel?
If the hostname's DNS record exists and is an active CNAME for a tunnel, proxied, Custom WAF Rules and more Cloudflare features & options apply by default.
It might depend on what kind of Custom WAF Rule you created, and whether there are any typos or misconfigurations.
You want to detect and keep the HTTP(S) and no Upgrade therefrom, block the requests, or?
Aha, only for HTTP, or rather you're having an issue running WebSockets through the cloudflared tunnel?
Are you planning to:
Run HTTP and WS
Run HTTPS and WSS
Is the WebSockets feature enabled in the Cloudflare dashboard for your zone?
Are WebSockets running over e.g. a sub-domain wss.example.com or inside a directory on a path e.g. /wss/?