Waf

i trying to block any .js .env extension on my domain but only for a sub domain i have this rule but i just dose nothing ? not the real domain just a example the real one is in the rule (http.request.full_uri contains "https://my.domain.com") and http.request.uri.path in {"js" "cjs" "env" "md" "prisma" "json" ".js" ".cjs" ".env" ".md" ".prisma" ".json"})
16 Replies
Hello, I’m Allie!
That would match if the path is exactly js, not if it ends with js
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
how would i do that ? just use contains ?
Hello, I’m Allie!
Yeah, though it is kind of tricky, since it would also block https://my.domain.com/js-is-good-actually
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
that why i do .js so they cant do domain/index.js and the sub domain i am doing it for dose nto have js in any routs since its a api
Hello, I’m Allie!
If it doesn't have those routes, why does it need to be blocked?
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
you can do domain/index.js and see the full src code bc plesk hase a bug
Hello, I’m Allie!
So why not just block index.js Instead of all of the extensions
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
i have 90 files with that js stuff so it would be a pain
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
that just 1 first check rout i have 8 of them
Hello, I’m Allie!
I guess then contains ".js" would work?
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
doing it like that
Hello, I’m Allie!
Assuming none of your valid routes have that in them?
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
on the top is the sub domain i have yeah sorry miss understood it yeah non of them have it in
Hello, I’m Allie!
Then it should work fine.
0xFFFFFFFF
0xFFFFFFFFOP8mo ago
:sadcraxto: do you know why this is happening by any chance ?
Want results from more Discord servers?
Add your server