How to let certain requests through if they have X-foo header set?

I have a high security mode enabled on my website, however, on this subdomain i'm also hosting a service - seq, which is an analytics / logging app. i want the client to be able to send data to this endpoint without getting interrupted of flagged by cloudflare ddos protection. if the request.http.header has

X-Seq-ApiKey

X-Seq-ApiKey

X-Seq-ApiKey

X-Seq-ApiKey set to any value (or a custom one if possible?)

tenxdeveloperOP•1/6/25, 9:32 PM

also the media type is application/vnd.serilog.clefapplication/vnd.serilog.clef

Original message was deleted

tenxdeveloperOP•1/6/25, 9:33 PM

wdym cors? its not made from the browsers, its made from a backend service, .NET app running and using serilog to log the stuff to seq

tenxdeveloperOP•1/6/25, 9:34 PM

how do i configure this rule to read the header value and then allow the request through though?

tenxdeveloperOP•1/6/25, 9:34 PM

cloudflares high security

tenxdeveloperOP•1/6/25, 9:34 PM

and anti bot protections

tenxdeveloperOP•1/6/25, 9:35 PM

i have default bot protections, and yes i have UAM on

tenxdeveloperOP•1/6/25, 9:35 PM

i want to have it on*

tenxdeveloperOP•1/6/25, 9:35 PM

but i want this request, which has only one header, which is the

X-Seq-ApiKey

X-Seq-ApiKey

set,

tenxdeveloperOP•1/6/25, 9:36 PM

well UAM blocks the request ig?, without it logging works

tenxdeveloperOP•1/6/25, 9:36 PM

tenxdeveloperOP•1/6/25, 9:37 PM

expression:
(http.request.full_uri wildcard "https://seq.mydomain.dev/api/events/raw" and http.request.method eq "POST")(http.request.full_uri wildcard "https://seq.mydomain.dev/api/events/raw" and http.request.method eq "POST")

tenxdeveloperOP•1/6/25, 9:37 PM

tenxdeveloperOP•1/6/25, 9:37 PM

tenxdeveloperOP•1/6/25, 9:37 PM

ahh

tenxdeveloperOP•1/6/25, 9:38 PM

thanks

tenxdeveloperOP•1/6/25, 9:38 PM

that might just be what i needed

tenxdeveloperOP•1/6/25, 9:38 PM

tenxdeveloperOP•1/6/25, 9:38 PM

how should i use the custom rules?

tenxdeveloperOP•1/6/25, 9:38 PM

i mean its just info right? nvm

tenxdeveloperOP•1/6/25, 9:39 PM

tenxdeveloperOP•1/6/25, 9:43 PM

its still not responding for some reason, maybe the rule isnt good?

tenxdeveloperOP•1/6/25, 9:44 PM

(len(http.request.headers["x-seq-apikey"]) > 0 and http.request.uri.path eq "/api/events/raw" and http.request.method eq "POST")

(len(http.request.headers["x-seq-apikey"]) > 0 and http.request.uri.path eq "/api/events/raw" and http.request.method eq "POST")

tenxdeveloperOP•1/6/25, 9:44 PM

tenxdeveloperOP•1/6/25, 9:44 PM

tenxdeveloperOP•1/6/25, 9:45 PM

@Leo

tenxdeveloperOP•1/6/25, 9:56 PM

tenxdeveloperOP•1/6/25, 9:56 PM

trace does not seem to be hitting the rule...

tenxdeveloperOP•1/6/25, 9:57 PM

tenxdeveloperOP•1/6/25, 11:13 PM

you weer right

tenxdeveloperOP•1/6/25, 11:13 PM

tenxdeveloperOP•1/6/25, 11:13 PM

but why does the actual app not work then?

How to let certain requests through if they have X-foo header set?

Similar Threads

Similar Threads

Similar Threads