Hello all,
This is my first post so I hope I’m posting it in the correct place. I tried to search for an answer but couldn’t find anything really related, hence the post.
The problem I’m having is that WAF rules do not seem to take place.
My domain is on Cloudflare on the free plan. I have two subdomains defined as CNAME records.
Something like this:
CNAME api alb-aws-blah-blah-blah
CNAME app blahblahblah. cloudfront. net
Obviously the “blah blah” records are entered correctly. I’ve redacted this just for the post.
As far as DNS goes, it works correctly. Both these records are proxied through Cloudflare (orange logo).
Now I’m trying to make some rules in the WAF which go like this:
uri contains app. mydomain. com/register
or
uri contains app. mydomain. com/login
or
uri contains app. mydomain. com/forgot-password
Then
Managed challenge
(Sorry about spaces, it’s just not to make this a url)
However, this doesn’t seem to take place. As a quick test, I tried adding the “forgot-password” url as a separate rule (after removing it from the first rule) and blocking that page temporarily (instead of using a challenge) to see if the rule takes place, but it doesn’t seem to work.
What am I missing?
Thanks!
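
The rule described in the post, evaluated against a few requests, as an added example that is not part of the original post. It assumes the rule's "uri" field is Cloudflare's http.request.uri (path plus query string, no hostname), with the hostname in http.host and the complete URL in http.request.full_uri; the sample URLs are constructed and the function names are hypothetical.

```python
from urllib.parse import urlsplit

HOST = "app.mydomain.com"  # placeholder hostname used in the post
PAGES = ("/register", "/login", "/forgot-password")

def fields(url):
    """Split a URL into the fields a rule expression matches on.
    Assumption: follows Cloudflare's documented fields, where
    http.request.uri is the path plus query string, with no hostname."""
    u = urlsplit(url)
    uri = u.path + ("?" + u.query if u.query else "")
    return {"http.host": u.hostname, "http.request.uri.path": u.path,
            "http.request.uri": uri, "http.request.full_uri": url}

def rule_as_posted(f):
    # uri contains "app.mydomain.com/<page>", as written in the post
    return any(HOST + p in f["http.request.uri"] for p in PAGES)

def rule_full_uri(f):
    # same substring test against the full URI, which does carry the hostname
    return any(HOST + p in f["http.request.full_uri"] for p in PAGES)

def rule_host_and_path(f):
    # hostname and path each compared on their own field (exact path match,
    # which is stricter than the "contains" used in the post)
    return f["http.host"] == HOST and f["http.request.uri.path"] in PAGES

# Constructed sample requests
SAMPLES = [
    "https://app.mydomain.com/login",
    "https://app.mydomain.com/forgot-password?email=a%40example.com",
    "https://api.mydomain.com/login",
    "https://app.mydomain.com/dashboard",
    # hostname text appears only inside the query string of an api request
    "https://api.mydomain.com/v1?next=app.mydomain.com/login",
]

def evaluate(urls=SAMPLES):
    """Return {url: (as_posted, full_uri, host_and_path)} for each URL."""
    out = {}
    for url in urls:
        f = fields(url)
        out[url] = (rule_as_posted(f), rule_full_uri(f), rule_host_and_path(f))
    return out

if __name__ == "__main__":
    for url, verdicts in evaluate().items():
        print(verdicts, url)
```

The last sample shows why a substring test on a field that includes the query string can fire on requests for a different host, while the host-and-path form does not.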