AWS WAF: blocking access to specific links

Published by 杨梅冲 on 2024-10-16

"GET /en/stores?page=185&country=US&sort=default&alpha= HTTP/1.1" 200 227757 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:124.0) Gecko/20100101 Firefox/124.0"

The paging links must be blocked:

/stores?page=1

/stores?page=2

/stores?page=3

Full link: https://www.xx.com/stores?page=1

WAF web_acl configuration

Rules ----> Add Rules ----> Add my own rules and rule groups

Rule type: Rule builder

Rule:

Name: url_deny (custom name)

Type: Regular rule

If a request matches all the statements (AND)

Statement 1

Field to match: URI path
Positional constraint: Contains string
Search string: /stores
Text transformations
  • None (Priority 0)

AND

Statement 2

Field to match: Query string
Positional constraint: Contains string
Search string: page
Text transformations
  • None (Priority 0)

Action: Block (deny access)

This means the request must contain /stores in the URI path and also contain page in the query string; only when both hold is access denied with a 403 Forbidden.

So links containing /stores on their own remain accessible, but a request that satisfies both conditions at once is blocked.
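As an added example (not part of the original post), here is the same url_deny rule written in the AWS WAFv2 JSON rule format, together with a small local evaluator that replays the rule's two CONTAINS checks over a few constructed access-log lines such as the one quoted above. The evaluator is a simplified re-implementation of the ByteMatchStatement semantics for reasoning about the rule offline, not AWS's matching engine; the sample log lines and the helper names (evaluate, request_target, classify) are constructed for this example.

```python
"""url_deny rule as AWS WAFv2 JSON plus a local evaluator (added example)."""
import re
from urllib.parse import urlsplit

# Same rule the post builds in the console, in the WAFv2 JSON rule editor format.
URL_DENY_RULE = {
    "Name": "url_deny",
    "Priority": 0,
    "Statement": {
        "AndStatement": {
            "Statements": [
                {"ByteMatchStatement": {
                    "SearchString": "/stores",
                    "FieldToMatch": {"UriPath": {}},
                    "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                    "PositionalConstraint": "CONTAINS",
                }},
                {"ByteMatchStatement": {
                    "SearchString": "page",
                    "FieldToMatch": {"QueryString": {}},
                    "TextTransformations": [{"Priority": 0, "Type": "NONE"}],
                    "PositionalConstraint": "CONTAINS",
                }},
            ]
        }
    },
    "Action": {"Block": {}},
    "VisibilityConfig": {
        "SampledRequestsEnabled": True,
        "CloudWatchMetricsEnabled": True,
        "MetricName": "url_deny",
    },
}

# Constructed access-log lines (combined format); the first mirrors the post.
SAMPLE_LOG_LINES = [
    '1.2.3.4 - - [16/Oct/2024:10:00:00 +0800] "GET /en/stores?page=185&country=US&sort=default&alpha= HTTP/1.1" 200 227757 "-" "Mozilla/5.0"',
    '1.2.3.4 - - [16/Oct/2024:10:00:01 +0800] "GET /stores HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '1.2.3.4 - - [16/Oct/2024:10:00:02 +0800] "GET /stores?homepage=1 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    '1.2.3.4 - - [16/Oct/2024:10:00:03 +0800] "GET /stores?PAGE=2 HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
]

_REQUEST_LINE = re.compile(r'"(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) (\S+) HTTP/')


def _field_value(stmt, path, query):
    """Pick the request component a ByteMatchStatement inspects (toy subset)."""
    field = stmt["FieldToMatch"]
    if "UriPath" in field:
        return path
    if "QueryString" in field:
        return query
    raise ValueError("this toy evaluator only supports UriPath and QueryString")


def _byte_match(stmt, path, query):
    """Apply the positional constraint; TextTransformations NONE means raw bytes."""
    value = _field_value(stmt, path, query)
    needle = stmt["SearchString"]
    constraint = stmt["PositionalConstraint"]
    if constraint == "CONTAINS":
        return needle in value
    if constraint == "EXACTLY":
        return value == needle
    if constraint == "STARTS_WITH":
        return value.startswith(needle)
    if constraint == "ENDS_WITH":
        return value.endswith(needle)
    raise ValueError(f"unsupported constraint {constraint}")


def evaluate(rule, target):
    """Return 'BLOCK' when every statement of the AndStatement matches, else 'ALLOW'.

    target is the path plus query from the request line, e.g. '/stores?page=1'.
    """
    parts = urlsplit(target)
    statements = rule["Statement"]["AndStatement"]["Statements"]
    matched = all(_byte_match(s["ByteMatchStatement"], parts.path, parts.query)
                  for s in statements)
    return "BLOCK" if matched else "ALLOW"


def request_target(log_line):
    """Extract the request target from a combined-format access-log line."""
    m = _REQUEST_LINE.search(log_line)
    return m.group(1) if m else None


def classify(log_lines, rule=URL_DENY_RULE):
    """Return (target, verdict) for each log line the rule can be applied to."""
    results = []
    for line in log_lines:
        target = request_target(line)
        if target is not None:
            results.append((target, evaluate(rule, target)))
    return results


if __name__ == "__main__":
    for target, verdict in classify(SAMPLE_LOG_LINES):
        print(f"{verdict:5} {target}")
```

Two things the replay makes visible. First, "Contains string" on the query string matches any parameter whose name or value contains page, so /stores?homepage=1 is blocked too; if the site uses such parameters, a positional constraint of "Starts with" on page= or the "Contains word" constraint narrows the rule. Second, with text transformation None the comparison is a raw, case-sensitive byte match, so /stores?PAGE=2 passes; if the application treats parameter names case-insensitively or accepts URL-encoded forms, add the LOWERCASE and URL_DECODE transformations so the rule sees the same value the backend does.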
