We’re getting a ton of traffic from a fraudulent URL, across many IPs and 5+ countries.
They all have the same http_referer URL though (example.com for the purpose of this post).
Is there a way to configure a custom firewall rule to challenge by http_referer? I don’t see http_referer in the list of “If” dropdowns in the custom rule query.
Are there other workarounds? Ideally we don’t need to turn on a bunch of country-level challenges.
The Vercel WAF Rule Configuration Reference page lists all currently available options. You can also implement some access restriction using Edge Middleware.
With middleware, you could check the request properties to get the referrer and direct the request to an appropriate page based on that value. We have some examples of similar scenarios here: Vercel Edge Middleware Examples | Vercel – Vercel
This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.
Hey, @matt-learnontilc! We also just released a WAF template in case it’s helpful for you: Emergency Redirect Firewall Rule – Vercel