I was trying to make an acl rule in waf2 which allows only a regex matched cookie value, but only if the cookie exists.
sadly, this type of conditional rule aren't possible and I tried many ways and regex tricks with no luck.
The same for any other header, for example a X-Csrf-Token, I would like to validate it (format) but for the very first request on the site this header will not exists, hence the request will be blocked.
Am I doing and/or thinking this wrong?, I can't believe that a very common sense rule like those are so hard to create.
Thanks!
0 Answers