Last active
March 31, 2023 20:24
-
-
Save MillerMedia/cfedcc5fc36ee0bfb5f79951963f4f45 to your computer and use it in GitHub Desktop.
Custom Cloudflare WAF Rule - WordPress .php request hardening. To use, log into Cloudflare -> Click on your domain -> Security -> WAF -> Custom Rules -> Create Rule -> Edit Expression -> Paste the code -> Deploy
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| (http.request.uri.path contains "php" and not http.request.uri.path contains "wp-login" and not http.request.uri.path contains "wp-cron" and not http.request.uri.path contains "wp-admin/" and not http.request.uri.path contains "wp-admin/a" and not http.request.uri.path contains "wp-admin/c" and not http.request.uri.path contains "wp-admin/e" and not http.request.uri.path contains "wp-admin/f" and not http.request.uri.path contains "wp-admin/i" and not http.request.uri.path contains "wp-admin/l" and not http.request.uri.path contains "wp-admin/m" and not http.request.uri.path contains "wp-admin/n" and not http.request.uri.path contains "wp-admin/o" and not http.request.uri.path contains "wp-admin/p" and not http.request.uri.path contains "wp-admin/r" and not http.request.uri.path contains "wp-admin/s" and not http.request.uri.path contains "wp-admin/t" and not http.request.uri.path contains "wp-admin/u" and not http.request.uri.path contains "wp-admin/w" and not http.request.uri.path contains "/php/") |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment