Security WAF Rule to block requests that don't match full URI

I have the following rule on Cloudflare Security WAF:
(http.request.full_uri ne "http://tunnel.xxx.com" and http.request.full_uri ne "https://tunnel.xxx.com")
I also tried:
(http.request.full_uri ne "tunnel.xxx.com")
Checking the logs at Security > Events, it doesn't show the full URI, just Host "tunnel.xxx.com" Path "/". It should block any request that is not any of these URIs. I'm testing the rule with the following example request:
$headers = @{
"X-Large-Header" = "A" * 1
"User-Agent" = "WebSocket++/0.8.2"
"Upgrade" = "websocket"
"Connection" = "Upgrade"
"Sec-WebSocket-Key" = "dGhlIHNhbXBsZSBub25jZQ=="
"Content-Type" = "application/octet-stream"
}

Invoke-WebRequest -Uri "http://tunnel.xxx.com" -Method Get -Headers $headers -Verbose
The rule is blocking the request, why? I only have that rule active, nothing else; turning it off, the request succeeds. Maybe at the WAF side the full URI is different? How could I debug this issue?
1 Reply
Cyb3r-Jak3 7d ago
You probably want to have the URI be https://tunnel.xxx.com/
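
Why the trailing slash matters, as an added example that is not part of the original thread: a simplified Python model (an assumption, not Cloudflare's code) of how a full URI is assembled from scheme, host, path and query, with the poster's rule and a slash-terminated variant evaluated against constructed sample requests. The function names and sample URLs are hypothetical.

```python
from urllib.parse import urlsplit

def full_uri(url: str) -> str:
    """Model the URI as the server side sees it.

    An HTTP client never sends an empty path: a request for
    "http://host" goes on the wire as "GET / HTTP/1.1", so the path is "/".
    The query string, when present, is part of the full URI too.
    Simplified model: no case or percent-encoding normalization.
    """
    parts = urlsplit(url)
    path = parts.path or "/"
    query = f"?{parts.query}" if parts.query else ""
    return f"{parts.scheme}://{parts.netloc}{path}{query}"

def original_rule(uri: str) -> bool:
    """The rule from the post; True means the block action fires."""
    return uri != "http://tunnel.xxx.com" and uri != "https://tunnel.xxx.com"

def slash_rule(uri: str) -> bool:
    """Same rule with the trailing slash suggested in the reply."""
    return uri != "http://tunnel.xxx.com/" and uri != "https://tunnel.xxx.com/"

# Constructed sample requests (what the client was asked to fetch).
SAMPLE_URLS = [
    "http://tunnel.xxx.com",            # the test request from the post
    "https://tunnel.xxx.com/",
    "https://tunnel.xxx.com/?debug=1",  # query string changes the full URI
    "https://tunnel.xxx.com/other",
]

def evaluate(rule) -> dict:
    """Map each sample URL to True (blocked) or False (allowed)."""
    return {url: rule(full_uri(url)) for url in SAMPLE_URLS}

if __name__ == "__main__":
    for name, rule in (("original", original_rule), ("with slash", slash_rule)):
        for url, blocked in evaluate(rule).items():
            verdict = "BLOCK" if blocked else "allow"
            print(f"{name:10} {verdict:5} {url} -> {full_uri(url)}")
```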