WAF rule to block all directories that are not whitelisted

What is the name of the domain?

What is the error number?

none

What is the error message?

none

What is the issue you’re encountering?

I want to block all requests that target non-existing plugin/directories and only allow requests to plugin directories that I include in this expression. The problem is that even though I added a “/*”, legit requests to subfolders of specified allowlisted directories get blocked.

What steps have you taken to resolve the issue?

This is the current expression I’m using

(http.request.uri contains “/wp-content/plugins/” and not (
http.request.uri contains “/wp-content/plugins/better-search-replace/" or
http.request.uri contains "/wp-content/plugins/perfmatters/
” or
http.request.uri contains “/wp-content/plugins/query-monitor/" or
/

))

BLOCK

===

But requests to /wp-content/plugins/perfmatters/assets/images/ get blocked as well. Any idea where I got that expression wrong?

It looks like you tried to use wildcard * characters, and those aren’t valid in rulesets:

When using “contains”, there’s no need for wildcards.

Thank you for your reply @sdayman

I originally tried just with “contain” and it blocked subfolders as well.

EDIT: But I did not use http.request.uri.path but http.request.uri. Will try with uri.path and report back.


Still blocking legit subdirectory with http.request.uri.path.
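
A small model of the rule discussed in this thread, as an added example that is not part of any post and not Cloudflare's code: it treats `contains` as a literal, case-sensitive substring test, so a `*` in the pattern is an ordinary character. The function names and the sample request paths are constructed; the three plugin names are the ones from the posted expression.

```python
# Model of the block rule from the thread.
# Assumption: `contains` is a plain substring test, so "*" in a pattern
# is matched literally and never acts as a wildcard.
PLUGINS_ROOT = "/wp-content/plugins/"
ALLOWED = ["better-search-replace", "perfmatters", "query-monitor"]  # from the post


def contains(field: str, needle: str) -> bool:
    """Literal substring match, standing in for the `contains` operator."""
    return needle in field


def rule_blocks(uri: str, suffix: str) -> bool:
    """Return True when the block rule matches, i.e. the request is blocked.

    `suffix` is what follows each allowlisted directory name in the
    pattern: "/" (plain) or "/*" (with a literal asterisk).
    """
    if not contains(uri, PLUGINS_ROOT):
        return False  # rule only concerns the plugins tree
    allowlisted = any(
        contains(uri, f"{PLUGINS_ROOT}{name}{suffix}") for name in ALLOWED
    )
    return not allowlisted


# Constructed sample requests (not taken from the thread's logs).
SAMPLES = [
    "/wp-content/plugins/perfmatters/assets/images/logo.png",
    "/wp-content/plugins/query-monitor/assets/query-monitor.css",
    "/wp-content/plugins/not-installed/readme.txt",
    "/wp-login.php",
]


def evaluate(suffix: str) -> dict:
    """Map each sample request to True (blocked) or False (passed)."""
    return {uri: rule_blocks(uri, suffix) for uri in SAMPLES}


if __name__ == "__main__":
    for suffix in ("/*", "/"):
        print(f"allowlist patterns ending in {suffix!r}")
        for uri, blocked in evaluate(suffix).items():
            print(f"  {'BLOCK' if blocked else 'pass '}  {uri}")
```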
