acl test1 hdr_cnt() gt 60 is testing if there are more than 60 headers. I think any(len(http.request.headers.values[*])[*] gt 60) is testing if any header has a value greater than 60 bytes (Iâm not familiar with cloudflare though).
I think youâd either need to use a lua fetch to define this behaviour or use a regex like:
Thank you very much for your response. I tried your solution but still denying all the requests in that rule, but when using CF rule with deny it doesnât deny all requests.
Had to edit rule in which it worked 50% but still canât understand how CF is matching it.
Tried 60 but it is blocking total connection. CF seems to be matching GET Requests + HTTP Version with Header request size, meanwhile if you try rule on CF it doesnât deny all requests.
breakdown: (*CRLF) treat CRLF as the line ending (?m) enable multi-line mode ^[^:]+: match the beginning of the line, followed by one or more non-: characters, followed by a colon .{61,} match 61 or more characters $ match the end of the line (CRLF due to the CRLF line ending mode)