Skip to main content

Create a Cloudflare WAF rule

Step 1: Create a WAF Rule to Match Sensitive URIs

  1. Log in to Cloudflare:
    • Go to Cloudflare and log in with your credentials.
  2. Select the Domain:
    • Choose the domain where your Laravel application is hosted.
  3. Navigate to the WAF Section:
    • Go to the Security tab and select WAF.
  4. Create a New WAF Rule:
    • Click on Create a Firewall Rule.
  5. Configure the Rule:
    • Rule Name: Give your rule a descriptive name, like Match Sensitive File Requests.
    • When incoming requests match…:
      • Use the Field dropdown to select URI Path.
      • Set the Operator to contains.
      • Add the sensitive paths you want to match: 
        (http.request.uri.path contains ".env") or
(http.request.uri.path contains "env")
  6. Choose the Action:
    • Set the action to Challenge.
  7. Deploy the Rule:
    • Save and deploy the rule.

Step 2: Set Up a Rate Limiting Rule

  1. Navigate to the Rate Limiting Section:
    • Go to the Rules tab and select Rate Limiting.
  2. Create a New Rate Limiting Rule:
    • Click on Create a Rate Limiting Rule.
  3. Configure the Rule:
    • Rule Name: Give your rule a descriptive name, like Rate Limit Sensitive File Requests.
    • When incoming requests match…:
      • Set the Field to URI Path.
      • Set the Operator to contains.
      • Add the path you want to match: 
        .env
    • Request URL: Match the request URL as per your need.
    • Threshold: Set to 10.
    • Period: Set to 10 minutes.
    • Action: Choose Block and set the duration for how long you want to block the IP, e.g., 1 hour.
  4. Deploy the Rule:
    • Save and deploy the rule.

Example WAF Rule Expression

Here’s how the WAF rule expression might look: 
(http.request.uri.path contains ".env") or
(http.request.uri.path contains "env")
OR 
(http.request.uri contains ".aws" or
http.request.uri contains ".env" or
http.request.uri contains ".log" or
http.request.uri contains "storage" or
http.request.uri contains ".svn" or
http.request.uri contains ".DS_Store" or
http.request.uri contains "backup" or
http.request.uri contains "phpinfo" or
http.request.uri contains ".htaccess" or
http.request.uri contains ".htpasswd" or
http.request.uri contains ".git" or
http.request.uri contains ".docker" or
http.request.uri contains ".vscode" or
http.request.uri contains ".ssh" or
http.request.uri contains "adminer.php" or
http.request.uri contains "node_modules" or
http.request.uri contains "error.log" or
http.request.uri contains "debug.log" or
http.request.uri contains ".config" or
http.request.uri contains ".idea" or
http.request.uri contains ".bash_history" or
http.request.uri contains ".bashrc" or
http.request.uri contains ".profile" or
http.request.uri contains ".db" or
http.request.uri contains ".sqlite" or
http.request.uri contains "phpMyAdmin" or
http.request.uri contains "/execute-solution")

Example Rate Limiting Rule

  • When incoming requests match…:
    • Field: URI Path
    • Operator: contains
    • Value: .env or env
  • Threshold: 10
  • Period: 10 minutes
  • Action: Block
  • Duration: 1 hour

Save and Apply

  • After configuring both the WAF and rate limiting rules, save and apply the changes.
These configurations will help you detect and block IPs that are attempting to access sensitive .env files or similar paths multiple times, enhancing the security of your Laravel application.