How to let certain requests through if they have X-foo header set?
I have a high security mode enabled on my website, however, on this subdomain i'm also hosting a service - seq, which is an analytics / logging app. i want the client to be able to send data to this endpoint without getting interrupted of flagged by cloudflare ddos protection. if the request.http.header has
X-Seq-ApiKey set to any value (or a custom one if possible?)19 Replies
also the media type is
application/vnd.serilog.clef
wdym cors? its not made from the browsers, its made from a backend service, .NET app running and using serilog to log the stuff to seq
how do i configure this rule to read the header value and then allow the request through though?
cloudflares high security
and anti bot protections
i have default bot protections, and yes i have UAM on
i want to have it on*
but i want this request, which has only one header, which is the X-Seq-ApiKey set,
well UAM blocks the request ig?, without it logging works
expression:
(http.request.full_uri wildcard "https://seq.mydomain.dev/api/events/raw" and http.request.method eq "POST")
ahh
thanks
that might just be what i needed
how should i use the custom rules?
i mean its just info right? nvm
mb
its still not responding for some reason, maybe the rule isnt good?
@Leo
trace does not seem to be hitting the rule...
you weer right
but why does the actual app not work then?