WAF Firewall Rule For WordPress: Unrecognized Input

I’m trying to follow a rule I found on https://developers.cloudflare.com/firewall/cf-firewall-rules but when I enter in the below, I get an error saying “Unrecognized Input” and I’m not sure why. Any ideas?

((http.request.uri.path contains “/xmlrpc.php”) or (http.request.uri.path contains “/wp-login.php”) or (http.request.uri.path contains “/wp-admin/” and not http.request.uri.path contains “/wp-admin/admin-ajax.php” and not http.request.uri.path contains “/wp-admin/theme-editor.php”)) and ip.geoip.country ne “US”)

Your formatting is somewhat messed-up. Try this:

(
    (
        http.request.uri.path contains "/xmlrpc.php" or http.request.uri.path contains "/wp-login.php" or (
            http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php"
        )
    ) and ip.geoip.country ne "US"
)
3 Likes

That worked perfectly! Thank you!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.