Web firewall rules and url encoding


We are getting a lot of attempts for pages on our site with /%20 repeated varying number of times at the end of the URL path. For example:


I can catch and discard them upstream with this location regex:
^/(\w{2}(\-\w{2})?)(\/\w+)*(/\ )*/$

I have this at the moment as a cloudflare firewall rule to catch the traffic earlier - but it seems a bit loose to me:
(http.request.uri.path contains "/ ")

Is there a Cloudflare managed rule that covers this?


Oh right - we are Cloudflare Pro so I don’t think I can use REGEX in the firewall rules.


Your rule should actually work. Considering you said there are repeating space, the following might be a bit more specific

(http.request.uri.path contains "/ / ")

Good idea. I’ll do that. Thanks

closed #5

This topic was automatically closed after 30 days. New replies are no longer allowed.