Skip to content

Instantly share code, notes, and snippets.

@marcofbb
Created April 3, 2020 01:41
Show Gist options
  • Save marcofbb/e3e22be8f6b9db2b78524a245123a874 to your computer and use it in GitHub Desktop.
Save marcofbb/e3e22be8f6b9db2b78524a245123a874 to your computer and use it in GitHub Desktop.
Varnish remove GET parameters Cloudflare under attack challange
# in vcl_recv
if (req.url ~ "(\?|&)(__cf_chl_jschl_tk__)=") {
set req.url = regsuball(req.url, "&(__cf_chl_jschl_tk__)=([A-z0-9_\-\.%25]+)", "");
set req.url = regsuball(req.url, "\?(__cf_chl_jschl_tk__)=([A-z0-9_\-\.%25]+)", "?");
set req.url = regsub(req.url, "\?&", "?");
set req.url = regsub(req.url, "\?$", "");
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment