Use firewall to allow only request "sec_fetch_dest": "script"

I want to block all other request other than header contains

sec_fetch_dest” : “script

How can i do this? Is it possible? If this header contains any other types i want to block them…

I do not see any options in Firewall Rules that parses all the headers.

Is there some other unique header you can use? Like User Agent String? A Cookie?

Then firewalling using all other headers (custom ones) should be implemented in Firewall Rules. This is an important and necessary step to block requests.

It turns out it’s available in Enterprise plans. So there you go.

1 Like

Enterprise? :joy: Not even PRO I wonder.

And everybody else can go the Worker route.

1 Like

:man_shrugging: cost prohibitive

Workers? Not really.

1 Like

may be not possible to upgrade to enterprise.

Hey i just found that the thing i have requested is not actually enterprise.( Header fields ) only, the Body fields (Enterprise plans only). So this will allow me to block the request of

sec_fetch_dest” : “script

So i am trying any(http.request.headers["sec_fetch_dest"][*] == "script") , this will block all request which has “sec_fetch_dest” : “script” , but i just want it opposite. Means block all requests other than this.

Can you help? Should i add just !=?

EDITED: Yeah i found the solution last.

any(http.request.headers["sec-fetch-dest"][*] != "script")
note that : sec-fetch-dest instead of sec_fetch_dest


When i check the same document again, it is seeing that HTTP header and body fields (Enterprise Plan only.) Did you guys updated the document? :ok_man:t3:

Why suddenly Enterprise only? This is SAD. Making every important thing on Enterprise. :grimacing: :ok_man:t3:

This topic was automatically closed after 30 days. New replies are no longer allowed.