How to add a GCP Cloud Armor rule that blocks "?" in URLs?


I am trying to add a rule in a Cloud Armor security policy to block requests when the request path has a question mark after the root address. I understand that "?" marks the end of the navigable part of the URL (the thing that tells your browser where to send you) and the beginning of tracking elements called query strings, but "?" still shows up in log explorer logs in httpRequests's requestUrl, so for example:

"https://test-26-09-2023.co.uk/?" or "https://test-26-09-2023.co.uk/?test"

I've tried everything and nothing seems to work. The last thing I tried is a question mark in square brackets, as it should be used according to the RE2 docs, so:

request.path.matches('^/[?][a-z0-9]*')

Is there a way to block paths that include "?" after the root URL using a Cloud Armor rule?

I've been using https://regex101.com/ and the golang tab to test my expression.


There are 1 answers

ヒュジャク ピョテレク On

For people who will look at this question in the future: it turns out that, since "?" is a separator that separates query strings, you can block them by blocking all query strings except some specific ones, for example:

!request.query.startsWith("token")
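
Added example, not part of the original answer and not Cloud Armor's own evaluator: a Go model of why the question's `request.path` expression never fires while the answer's `request.query` expression does. It assumes `request.path` and `request.query` correspond to Go's `url.Path` and `url.RawQuery`, and that `request.query` is the empty string when no query is present; the `Verdict` type, `Evaluate` function and sample URLs are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"regexp"
	"strings"
)

// Pattern from the question; Go's regexp package uses RE2 syntax.
var pathRule = regexp.MustCompile(`^/[?][a-z0-9]*`)

// Verdict holds the modelled attributes and which expressions match.
type Verdict struct {
	Path, Query string
	PathRule    bool // models request.path.matches('^/[?][a-z0-9]*')
	QueryRule   bool // models !request.query.startsWith("token")
}

// Evaluate splits a URL the way this model assumes the attributes are
// populated: path is everything before "?", query is the raw text after it.
func Evaluate(raw string) (Verdict, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return Verdict{}, err
	}
	return Verdict{
		Path:      u.Path,
		Query:     u.RawQuery,
		PathRule:  pathRule.MatchString(u.Path),
		QueryRule: !strings.HasPrefix(u.RawQuery, "token"),
	}, nil
}

func main() {
	// Constructed sample URLs using the hostname from the question.
	for _, raw := range []string{
		"https://test-26-09-2023.co.uk/",
		"https://test-26-09-2023.co.uk/?",
		"https://test-26-09-2023.co.uk/?test",
		"https://test-26-09-2023.co.uk/?token=abc",
	} {
		if v, err := Evaluate(raw); err == nil {
			fmt.Printf("%-40s path=%q query=%q pathRule=%v queryRule=%v\n",
				raw, v.Path, v.Query, v.PathRule, v.QueryRule)
		}
	}
}
```

In this model the path is always "/", so the path regex never matches, and the query expression is also true for "/" and "/?" because their query is empty; check that behaviour in preview mode before enforcing the rule if requests without a query string must be allowed.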