Cloudflare DevelopersCD
Cloudflare Developers10mo ago
ruan

Security WAF Rule to block requests that doesnt match full uri

I have the following rule on cloudflare Security WAF:
(http.request.full_uri ne "http://tunnel.xxx.com" and http.request.full_uri ne "https://tunnel.xxx.com")

I also tried:
(http.request.full_uri ne "tunnel.xxx.com")

Checking the logs at Security > Events it doesnt show the full uri, just Host "tunnel.xxx.com" Path "/"

It should block any request that is not any of these uri

Im testing the rule with the following example request:
$headers = @{
    "X-Large-Header" = "A" * 1
    "User-Agent" = "WebSocket++/0.8.2"
    "Upgrade" = "websocket"
    "Connection" = "Upgrade"
    "Sec-WebSocket-Key" = "dGhlIHNhbXBsZSBub25jZQ=="
    "Content-Type" = "application/octet-stream"
}

Invoke-WebRequest -Uri "http://tunnel.xxx.com" -Method Get -Headers $headers -Verbose

The rule is blocking the request, why?

I only have that rule active nothing else, turning it off the request succeeds, maybe at the WAF side the full uri is different?
How i could debug this issue?
Was this page helpful?