WAF rules not working as expected


I have created following rules to block access to login pages.

(http.request.full_uri eq "https://portainer.pkxxxxxx.com/#!/auth") or (http.request.full_uri eq "https://npm.pkxxxxxx.com/login")

Interestingly, I was able to block https://npm.pkxxxxxx.com/login but https://portainer.pkxxxxxx.com/#!/auth is not blocking. I have created CNAME records for both the sub domain and Cloudflare proxying enabled for both. Any idea guys??

That looks like an anchor link. As I recall, that’s only interpreted by a browser, and can not be used in Rules.

1 Like

Does that mean there is no other way to make it work??