Waf
i trying to block any .js .env extension on my domain but only for a sub domain i have this rule but i just dose nothing ? not the real domain just a example the real one is in the rule
(http.request.full_uri contains "https://my.domain.com") and http.request.uri.path in {"js" "cjs" "env" "md" "prisma" "json" ".js" ".cjs" ".env" ".md" ".prisma" ".json"})
16 Replies
That would match if the path is exactly
js, not if it ends with jshow would i do that ? just use contains ?
Yeah, though it is kind of tricky, since it would also block https://my.domain.com/js-is-good-actually
that why i do .js
so they cant do domain/index.js
and the sub domain i am doing it for dose nto have js in any routs since its a api
If it doesn't have those routes, why does it need to be blocked?
you can do domain/index.js
and see the full src code
bc plesk hase a bug
So why not just block
index.js
Instead of all of the extensionsi have 90 files with that js stuff so it would be a pain
Oh
that just 1 first check rout
i have 8 of them
I guess then
contains ".js" would work?
doing it like that
Assuming none of your valid routes have that in them?
on the top is the sub domain
i have
yeah
sorry miss understood it yeah non of them have it in
Then it should work fine.