WAF rule for path access control

Hey everyone,

I’m having some trouble setting up a WAF rule to control access to specific paths on my website. Currently, I’ve got a rule that blocks certain paths, and it’s working fine. But what I really need is the opposite: a rule that only allows access to certain paths while blocking everything else.

I’ve tried creating an expression using negations like this:

(not http.request.uri.path contains "/example-path1/")
or
(not http.request.uri.path contains "/example-path2/")
or
(etc...)

But for some reason, it’s blocking all requests instead of just the specified ones.

I’ve been using the Network tab in Chrome DevTools to figure out which paths I need to include in the expression. Could the issue possibly be related to Cloudflare dynamically adding paths to the requests?

Any help would be greatly appreciated. Thanks a lot!

If all the terms start with NOT, then you need AND between them instead of OR.

1 Like

This looks much better indeed! I’ll do some more testing and report back tomorrow. Thanks a lot for now!

Thanks again for your help! It works just like I wanted it.

1 Like

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.