Rule not working correctly
Can someone help me with this rule? I am trying to block requests that don't have a header.. is this due to cache orr
19 Replies
Your rule screenshot omits some info (i.e action)
can you send the full screenshot?
ah I already see what's happening
your rule is correct, but your postman request not
notice the green bubble at the
Authorization tab? You got something configured over there, which is overriding the authorization header you set.
Open that tab and set it to No authAt my side I can confirm the WAF rule works fine when doing the correct postman request
Thank you!
that works in postman
I can't get it to work with javascript though
both snippests error (second one was directly exported from postman)
idk, works for me
getting the expected 404 there
This is while being on https://drive-api.soos.dev/
if you want to call it from another (sub)domain, then you're going to need to setup CORS and all that
What
Hm
I do have cors tho to *
Also side-note, I would recommend doing authentication on your API's side, not Cloudflare WAF
I want to off load everything to cf
do you think its better to just do it on the api?
not from what I see
can you check again now that I turned off the rule
you'll need to edit your Cloudflare WAF rule to pass requests with the
OPTIONS method for CORS to workoh
and then just make sure your API handles those CORS requests correctly
yeah if the api is communicating for options anyway it doesn't make sense to have this on cloudflare
thank you for the help @Peps