WAF/Firewall - Unvalidated URL redirects

How do I configure WAF or Firewall rules to detect and block unvalidated url redirects?

https://mainsite[.]com/user/login?return_url=https://www[.]nnn[.]com
I am looking for Cloudflare to stop the redirection to https://www[.]nnn[.]com

Thank you.

I belive this could be partialy achieved, but would redirect from redirected URL to something else or strip the part after the login? with a Transform Rule.

Otherwise, using a Page Rule to redirect anyone from this particular URL to something else.

Third option would be to use a Firewall Rule to block each of the requests for the specific URL which contains login?return_url.

If the origin host/server is doing the redirection, I am afraid Cloudflare cannot help a lot, but from above mentioned possible solutions, let’s call them a workaround, it could help you with it :wink:

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.