WAF Rule Builder

Compose conditions visually and export to Cloudflare expression, ModSecurity SecRule, and NGINX/Lua simultaneously.

Conditions

Path portion of the request URI.

Return a 403 and stop the request.


Cloudflare

Custom rule expression

# Action: Block
# Paste the expression below into a Cloudflare custom rule (Security → WAF → Custom rules).

http.request.uri.path contains "/wp-login.php"

ModSecurity

SecRule syntax

SecRule REQUEST_FILENAME "@contains /wp-login.php" "id:100000,phase:2,t:none,deny,status:403,msg:'Custom WAF rule match'"

NGINX + Lua

access_by_lua_block

# Requires OpenResty / ngx_http_lua_module.
location / {
    access_by_lua_block {
        if (string.find(ngx.var.uri, "/wp-login.php", 1, true) ~= nil) then
            ngx.log(ngx.WARN, "WAF block: ", ngx.var.request_uri)
            return ngx.exit(403)
        end
    }
}
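The same "path contains value, then block" condition rendered into the three formats above, as an added example that is not this tool's own code. The function names are hypothetical, and the choice to reject rather than escape quotes and backslashes in the ModSecurity output is an assumption made to keep the generated rule unambiguous.

```python
# Added example (not the tool's code): render one "URI path contains VALUE"
# block condition into the three rule formats shown on this page.
# All function names here are hypothetical.

def _check(value: str) -> str:
    # Refuse empty values and control characters instead of guessing how
    # each engine would treat them inside a quoted literal.
    if not value or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("match value must be non-empty with no control chars")
    return value

def _quote(value: str) -> str:
    # Backslash first, then double quote, so escapes are not doubled twice.
    return value.replace("\\", "\\\\").replace('"', '\\"')

def cloudflare_expr(value: str) -> str:
    # Cloudflare quoted string literals escape \ and " with a backslash.
    return f'http.request.uri.path contains "{_quote(_check(value))}"'

def modsec_rule(value: str, rule_id: int = 100000) -> str:
    # Assumption: reject " and \ rather than rely on config-file unescaping.
    if '"' in _check(value) or "\\" in value:
        raise ValueError("quote/backslash not supported in SecRule output")
    actions = (f"id:{rule_id},phase:2,t:none,deny,status:403,"
               "msg:'Custom WAF rule match'")
    return f'SecRule REQUEST_FILENAME "@contains {value}" "{actions}"'

def lua_condition(value: str) -> str:
    # The 4th argument (true) makes string.find a plain substring search,
    # so characters such as "." and "-" are not treated as Lua patterns.
    return f'string.find(ngx.var.uri, "{_quote(_check(value))}", 1, true) ~= nil'

def export_all(value: str) -> dict:
    return {
        "cloudflare": cloudflare_expr(value),
        "modsecurity": modsec_rule(value),
        "nginx_lua": lua_condition(value),
    }

if __name__ == "__main__":
    for target, rule in export_all("/wp-login.php").items():
        print(f"{target}: {rule}")
```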