@olkitu
Last active November 8, 2023 14:52
Cloudflare firewall examples

Some example rules for the Cloudflare firewall. Field and expression reference: https://developers.cloudflare.com/firewall/cf-firewall-rules/fields-and-expressions

Block access to WordPress PHP files

(http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php") or (http.request.uri.path contains "/wp-includes/" and http.request.uri.path contains ".php") or (http.request.uri.path eq "/xmlrpc.php") or (http.request.uri.path contains "wp-config")

Block access to sensitive files and common malicious request patterns (traversal, injected PHP/script fragments, backup and config files)

(http.request.full_uri contains "<?php") or (http.cookie contains "<?php") or (http.request.full_uri contains "../") or (http.request.full_uri contains "..%2F") or (http.request.uri contains "/autodiscover/") or (http.request.uri contains "/wpad.") or (http.request.full_uri contains "webconfig.txt") or (http.request.full_uri contains "vuln.") or (http.request.uri.query contains "base64") or (http.request.uri.query contains "<") or (http.request.uri.query contains "%3C") or (http.request.uri.query contains "%3c") or (http.request.uri.query contains "¼script¾") or (http.cookie contains "<script") or (http.referer contains "<script") or (http.request.uri.query contains "$_GLOBALS[") or (http.request.uri.query contains "$_REQUEST[") or (http.request.uri.query contains "$_POST[") or (http.request.uri.path contains ".env") or (http.request.uri.path contains "passwd") or (http.request.uri.path contains ".key") or (http.request.uri.path contains ".ini") or (http.request.uri.path contains ".inc") or (http.request.uri.path contains ".bak") or (http.request.uri.path contains ".config") or (http.request.uri.path contains ".conf") or (http.request.uri.path contains ".backup") or (http.request.uri.path contains ".svn") or (http.request.uri.path contains ".git") or (http.request.uri.path contains ".xsd") or (http.request.uri.path contains ".gitignore") or (http.request.uri.path contains "php-bak") or (http.request.uri.path contains "union%20select") or (http.request.uri.path contains "eval-stdin.php") or (http.request.uri.path contains "env.example")

Limit WordPress login locations

Example: allow login only from Finland. The expression matches requests to wp-login or wp-admin whose source country is not FI, so it is used with the Block action. Note that it also blocks /wp-admin/admin-ajax.php, which some plugins call from public pages for every visitor.

(http.request.uri.path contains "wp-login" and ip.geoip.country ne "FI") or (http.request.uri.path contains "wp-admin" and ip.geoip.country ne "FI")
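To see exactly which requests these expressions match before deploying them, the following added example (not part of the gist, and not Cloudflare's code) is a small interpreter for the subset of the rule syntax used above: `contains`/`eq`/`ne`, `and`/`or` and parentheses. A request is assumed to be a plain dict mapping Cloudflare field names to their string values; the sample request is constructed.

```python
import re

# Added mini-interpreter for the rule syntax used in this gist (not Cloudflare's own code).
TOKEN = re.compile(r'\(|\)|"[^"]*"|[A-Za-z_][\w.]*')   # parens, quoted strings, bare words
OPS = {"contains": lambda a, b: b in a, "eq": lambda a, b: a == b, "ne": lambda a, b: a != b}

def parse(expr):
    """Recursive descent: 'and' binds tighter than 'or'; parentheses group."""
    tokens = TOKEN.findall(expr)  # consumed left to right by the helpers below
    def disjunction():
        node = conjunction()
        while tokens[:1] == ["or"]:
            tokens.pop(0)
            node = ("or", node, conjunction())
        return node
    def conjunction():
        node = comparison()
        while tokens[:1] == ["and"]:
            tokens.pop(0)
            node = ("and", node, comparison())
        return node
    def comparison():
        if tokens[:1] == ["("]:
            tokens.pop(0)
            node = disjunction()
            if tokens.pop(0) != ")":
                raise ValueError("expected ')'")
            return node
        field, op, value = tokens.pop(0), tokens.pop(0), tokens.pop(0)
        if op not in OPS or not value.startswith('"'):
            raise ValueError(f"bad comparison near {field!r}")
        return (op, field, value[1:-1])
    tree = disjunction()
    if tokens:
        raise ValueError(f"unparsed tokens: {tokens}")
    return tree

def evaluate(node, req):
    """req maps Cloudflare field names to strings; fields absent from req read as ''."""
    if node[0] in ("or", "and"):
        left, right = evaluate(node[1], req), evaluate(node[2], req)
        return (left or right) if node[0] == "or" else (left and right)
    return OPS[node[0]](req.get(node[1], ""), node[2])

# Rules from the gist; the sensitive-files rule is reduced to a three-term excerpt.
WP_PHP = '(http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php") or (http.request.uri.path contains "/wp-includes/" and http.request.uri.path contains ".php") or (http.request.uri.path eq "/xmlrpc.php") or (http.request.uri.path contains "wp-config")'
SENSITIVE = '(http.request.full_uri contains "../") or (http.request.uri.query contains "<") or (http.request.uri.path contains "passwd")'
WP_LOGIN_FI = '(http.request.uri.path contains "wp-login" and ip.geoip.country ne "FI") or (http.request.uri.path contains "wp-admin" and ip.geoip.country ne "FI")'
# Constructed sample: admin-ajax.php, used by many front-end plugins, is caught by WP_LOGIN_FI too.
SAMPLE = {"http.request.uri.path": "/wp-admin/admin-ajax.php", "ip.geoip.country": "DE"}
print(evaluate(parse(WP_LOGIN_FI), SAMPLE))  # True: blocked for every non-FI visitor
```

Running the excerpt of the sensitive-files rule against a legitimate path such as /account/changepasswd or a search query containing "<" shows the substring matches that produce false positives, which is worth checking per site before switching the rule from Log to Block.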