Web firewall rules and url encoding

firewall
#1

We are getting a lot of attempts for pages on our site with /%20 repeated varying number of times at the end of the URL path. For example:

/en-us/login/%20/%20/%20/

I can catch and discard them upstream with this location regex:
^/(\w{2}(\-\w{2})?)(\/\w+)*(/\ )*/$

I have this at the moment as a cloudflare firewall rule to catch the traffic earlier - but it seems a bit loose to me:
(http.request.uri.path contains "/ ")

Is there a Cloudflare managed rule that covers this?

#2

Oh right - we are Cloudflare Pro so I don’t think I can use REGEX in the firewall rules.

#3

Your rule should actually work. Considering you said there are repeating space, the following might be a bit more specific

(http.request.uri.path contains "/ / ")
#4

Good idea. I’ll do that. Thanks

closed #5

This topic was automatically closed after 30 days. New replies are no longer allowed.