#WAF: required header with secret value

2 messages · Page 1 of 1 (latest)

plush parrot Jun 17, 2024, 3:26 PM

no! that will not match if the user does not send authortization header at all

you need to not any(http.request.headers["authorization"][*] eq "Bearer SECRET_KEY")