WAF rule is not working

I set up a custom WAF rule in Cloudflare to block all requests if the URL pattern matches and the source IP doesn’t match my VPN IP.

(http.request.uri.path matches "\/(?i)admin\/" and ip.src ne <>)

What is wrong there?

The syntax and most likely the plan level.

You shouldn’t escape the forward slashes. Try with (http.request.uri.path ~ "(?i)^/admin/") and (ip.src != 127.0.0.1).

Thanks, it seems to be working except for one scenario. If I put a space after the “admin” word and before the forward slash, then the request is not blocked.

For example, if someone types the request URL as below, then it is not blocked:

https://example.com/admin /abc.txt
OR
https://example.com/admin%20/abc.txt

The requirement is to block all requests matching “/admin/”, no spaces after the word “admin”.

Well, /admin%20/ is an entirely different URL so it will not be blocked. Your admin dashboard should only respond on /admin/, so it shouldn’t be an issue.

However, you can change the regex to (?i)^/admin. That will block any paths starting with /admin - including e.g. /admin.txt.

Thanks.
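
Added example, not part of the thread: a small offline check of the two patterns suggested above, showing which paths each one covers before the rule is deployed. It assumes Python's `re` behaves like the WAF's regex engine for these patterns; the sample paths and IP addresses are constructed placeholders.

```python
import ipaddress
import re

# Assumption: Python's `re` stands in for the WAF's regex engine; the two
# patterns are the ones suggested in the replies above.
STRICT = re.compile(r"(?i)^/admin/")
BROAD = re.compile(r"(?i)^/admin")

# Placeholder for the VPN egress address (documentation range, constructed).
ALLOWED_IP = ipaddress.ip_address("203.0.113.10")


def is_blocked(pattern, path, src_ip):
    """Mirror the rule: block when the path matches and the source is not the VPN."""
    return bool(pattern.search(path)) and ipaddress.ip_address(src_ip) != ALLOWED_IP


def compare(paths, src_ip):
    """Return {path: (blocked_by_strict, blocked_by_broad)} for one source IP."""
    return {p: (is_blocked(STRICT, p, src_ip), is_blocked(BROAD, p, src_ip)) for p in paths}


# Constructed sample paths, as the rule would see them in http.request.uri.path.
SAMPLE_PATHS = [
    "/admin/login",
    "/ADMIN/login",
    "/admin%20/abc.txt",
    "/admin.txt",
    "/administrator/",
    "/blog/admin/",
]

if __name__ == "__main__":
    outsider = "198.51.100.7"  # constructed non-VPN address
    for path, (strict, broad) in compare(SAMPLE_PATHS, outsider).items():
        print(f"{path:22} strict={strict!s:5} broad={broad}")
    # From the allowed address nothing is blocked by either rule.
    print(compare(["/admin/login"], str(ALLOWED_IP)))
```

The broad pattern closes the `/admin%20/` gap but also blocks unrelated paths such as `/admin.txt` and `/administrator/`, which is the trade-off described in the last reply.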
