Setting exact cookie value

I’m trying to create a firewall rule to block access to an admin account by using a separate cookie as validation, as an extra layer of protection.

The problem I have is that if, for example, the admin’s user_id = 5 and I target that value in the cookie as “contains”, somebody who has user_id = 50 will also be hit by that rule because it contains it.

Setting it as “exact” does not work.

How can I fix this?

If you were on a Business plan you could address this with a regular expression. On all lower plans it might be tricky. The easiest approach might be a Worker.


I see. I’ll look into that, thank you.

More precisely, the easiest approach on Cloudflare. I’d probably add that check server-side. With Apache, for example, that would be a two-liner using mod_rewrite.

RewriteCond %{HTTP_COOKIE} user_id=5\b
RewriteRule .* - [F]

I’ve elected to block it at the firewall level instead, but it’s nice to know that htaccess is an option as well so I’ll keep it in mind. Thank you.
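The Worker approach suggested above comes down to parsing the Cookie header and comparing whole values instead of substrings. The following is an added example, not code from anyone in this thread; the second cookie's name `admin_check` and its value are hypothetical placeholders, and the logic is written as plain functions so it can be called from a Worker's fetch handler.

```javascript
// Added example: exact cookie-value matching, as it could be done in a Worker.
// ADMIN_ID comes from the thread; "admin_check" and its value are hypothetical.
const ADMIN_ID = "5";
const CHECK_COOKIE = "admin_check";        // hypothetical second cookie
const CHECK_VALUE = "constructed-sample";  // constructed placeholder value

// Parse a Cookie header into a Map of name -> list of values.
// A name can appear more than once, so keep every value.
function parseCookies(header) {
  const jar = new Map();
  for (const pair of (header || "").split(";")) {
    const eq = pair.indexOf("=");
    if (eq < 0) continue;                       // skip malformed fragments
    const name = pair.slice(0, eq).trim();
    let value = pair.slice(eq + 1).trim();
    if (value.length > 1 && value.startsWith('"') && value.endsWith('"')) {
      value = value.slice(1, -1);               // strip optional quotes
    }
    if (!jar.has(name)) jar.set(name, []);
    jar.get(name).push(value);
  }
  return jar;
}

// True only if some cookie called `name` has exactly `value`.
function cookieEquals(header, name, value) {
  return (parseCookies(header).get(name) || []).includes(value);
}

// The "contains" behaviour from the question, for comparison.
function cookieContains(header, needle) {
  return (header || "").includes(needle);
}

// Block when the request claims the admin id but lacks the second cookie.
function shouldBlock(header) {
  return cookieEquals(header, "user_id", ADMIN_ID) &&
         !cookieEquals(header, CHECK_COOKIE, CHECK_VALUE);
}

// In a Worker's fetch handler this would be used as:
//   if (shouldBlock(request.headers.get("Cookie"))) {
//     return new Response("Forbidden", { status: 403 });
//   }
```

A header that carries `user_id` twice is treated as the admin id if either copy equals 5, so the check fails closed regardless of which copy the origin reads.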
