Stop R-U-Dead-Yet? (R.U.D.Y.) attacks
R-U-Dead-Yet (R.U.D.Y.) attacks accomplish denial of service (DoS) by submitting long form fields. Use custom rules to stop these attacks by blocking requests that do not have a legitimate session cookie.
This example combines three expressions to target HTTP POST requests that do not contain a legitimate authenticated session cookie:
- The first expression uses the http.request.uri.path field to target the paths to secure from R.U.D.Y.:
  http.request.uri.path matches "(comment|conversation|event|poll)/create"
- The second uses a regular expression to match the format of a legitimate auth_session cookie. The not operator targets requests where that cookie is not formatted correctly:
  not http.cookie matches "auth_session=[0-9a-zA-Z]{32}-[0-9]{10}-[0-9a-z]{6}"
- The third expression targets HTTP POST requests:
  http.request.method eq "POST"
The three expressions are combined into a compound expression using the and operator. When an HTTP POST request to any of the specified URIs does not contain a properly formatted auth_session cookie, Cloudflare blocks the request:
- Expression:
  (http.request.method eq "POST" and http.request.uri.path matches "(comment|conversation|event|poll)/create" and not http.cookie matches "auth_session=[0-9a-zA-Z]{32}-[0-9]{10}-[0-9a-z]{6}")
- Action: Block
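To check which requests the rule would block before deploying it, the following added example (not part of the Cloudflare documentation) models the compound expression in Python and runs it over constructed sample requests. It assumes the matches operator behaves like an unanchored re.search; the function names and sample data are illustrative.

```python
import re

# Patterns copied from the rule expression on this page.
PATH_RE = re.compile(r"(comment|conversation|event|poll)/create")
COOKIE_RE = re.compile(r"auth_session=[0-9a-zA-Z]{32}-[0-9]{10}-[0-9a-z]{6}")


def rule_blocks(method, path, cookie_header):
    """Return True when the compound expression would match (action: Block).

    Assumption: `matches` is modelled with re.search (unanchored), which
    approximates the regex engine used by the Rules language.
    """
    return (
        method == "POST"
        and PATH_RE.search(path) is not None
        and COOKIE_RE.search(cookie_header or "") is None
    )


# Constructed sample requests (not real traffic):
# (label, method, URI path, Cookie header value)
GOOD_COOKIE = "auth_session=" + "a1B2" * 8 + "-1700000000-abc123"
SAMPLES = [
    ("valid session", "POST", "/comment/create", GOOD_COOKIE),
    ("other cookies first", "POST", "/conversation/create", "theme=dark; " + GOOD_COOKIE),
    ("no cookie", "POST", "/poll/create", ""),
    ("short token", "POST", "/event/create", "auth_session=abc-1700000000-abc123"),
    ("uppercase suffix", "POST", "/event/create",
     "auth_session=" + "a1B2" * 8 + "-1700000000-ABC123"),
    ("GET request", "GET", "/comment/create", ""),
    ("path not covered", "POST", "/login", ""),
    ("nested path", "POST", "/api/v2/poll/create", ""),
]


def evaluate(samples):
    """Map each sample label to True (blocked) or False (allowed)."""
    return {label: rule_blocks(m, p, c) for label, m, p, c in samples}


if __name__ == "__main__":
    for label, blocked in evaluate(SAMPLES).items():
        print(f"{'BLOCK' if blocked else 'allow':5}  {label}")
```

The nested path sample is blocked because the path pattern is unanchored, so the rule also applies to any URI that contains one of the listed segments.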
 