regrex in waf rule for hmac_validation
Hi,
I want to use the regex replace function in (http.host eq "xxx.xxx" and not is_timed_hmac_valid_v0("secret", regex_replace(http.request.uri.path, "/.*$", ""), 10800, http.request.timestamp.sec, 8))
The purpose of this rule is to use the partial path (only want to truncate to the last /" of the uri path) to do the hmac valication.
it throws an error in the WAF custom rule dashboard saying regex_replace is not allowed.
Any solutions to this ?
6 Replies
Which plan are you on?
HMAC is Pro+ but Regex is Biz+
oh, i'm on Pro+ plan. does that mean i have to upgrade to biz+ ?
i just want to truncate up to the last '/' ...
You need a Business plan (or higher) to do regex in WAF rules
ok, thanks
is there any documentation saying which functions/fields are supported pro rule vs biz rules
The regex operator availability is mentioned as a note on https://developers.cloudflare.com/ruleset-engine/rules-language/operators/ and https://developers.cloudflare.com/firewall/
Other than that, I don't believe so. Regex is the main one thats restricted
Also,
https://developers.cloudflare.com/ruleset-engine/rules-language/functions/
Also mentions
You can only use the regex_replace() function in rewrite expressions of Transform Rules and target URL expressions of dynamic URL redirects.
got it. thx