Hi,
I have a firewall rule that is like (http.request.uri.path contains “xyz” and not http.referer contains “mysite.com”) then block. It was working fine before but with this new ‘Reload page’ button the path is now literally accessible by anyone. I hope you switch back to the old version.
That’s certainly concerning. I totally see why that’s not working. The block page (with your URL) is the referrer.
While referrers are easy to fake, and the block page isn’t going to spill the beans on why they’re blocked, this does look like an oversight. If that Block Page removed the Referrer in the Reload Page button, that should seal that up.
I suggest you open a ticket and post the ticket # here so we can escalate this. I believe @mdemoura is on the Firewall team and can give this a look.
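The behaviour discussed in this thread, modelled as an added example (not Cloudflare's code and not written by either poster): a small evaluator for the rule as quoted, run against constructed requests. The function names, the request shape and the idea of suppressing the referrer with a no-referrer policy are assumptions made for illustration.

```javascript
// Added illustration: models the rule quoted in the thread, not Cloudflare's engine.
// Rule: (http.request.uri.path contains "xyz" and not http.referer contains "mysite.com") then block
function ruleAction(request) {
  const path = new URL(request.url).pathname;
  const referer = request.headers["referer"] || "";
  const matches = path.includes("xyz") && !referer.includes("mysite.com");
  return matches ? "block" : "allow";
}

// Constructed sample input; host and path are the placeholders used in the thread.
const protectedUrl = "https://mysite.com/xyz";

// 1. Direct visit with no Referer header: the rule matches, and the block
//    page is served at the protected URL itself.
const directVisit = { url: protectedUrl, headers: {} };

// 2. Reload started from that block page: the browser reports the page it
//    came from, which is the block page's URL on mysite.com. Even an
//    origin-only Referer would still contain the hostname.
const reloadFromBlockPage = {
  url: protectedUrl,
  headers: { referer: protectedUrl },
};

// 3. The same reload if the block page suppressed the Referer
//    (assumption: for instance through a no-referrer referrer policy).
const reloadWithoutReferrer = { url: protectedUrl, headers: {} };

function summarize() {
  return {
    directVisit: ruleAction(directVisit),
    reloadFromBlockPage: ruleAction(reloadFromBlockPage),
    reloadWithoutReferrer: ruleAction(reloadWithoutReferrer),
  };
}

console.log(summarize());
```

The second case is the gap reported above: the substring test on the Referer is satisfied by the block page's own URL, so the "not ... contains" clause no longer holds and the rule stops matching.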