This wizard lets you create rules to define static traffic workflow.
Want to create a new custom rule? Go to Security > Rules and click the New Custom Rule button.
Enter a unique name and provide a description (optional) for the WAF security rule.
When edit a rule, you can choose different owner. Initially, the user who creates a rule is the owner.
Tell us the conditions that form the rule and then define the specifications for the condition. We have made condition definition easier for you. When you type, you can simply choose from the list of values that we populate. You could add one or multiple conditions to a rule.
Tip: Place the cursor in the When field, and press the down arrow key on your keyboard to get a list of all available keys. Syntax help is available for every key.
Press enter to add the condition. Click Add to create a new condition.
Tutorial - How to add conditions for a rule
Tell us what action to take when events match the condition in the rule. Here's a brief description of each available action:
Allow - We'll allow access with security protections applied as normal.
Block - We will stop matching traffic at point of access and return blocked response.
Insert header - We will add an HTTP header to the response. You can add a security header which instructs the browser exactly how to behave when it handles your website’s content and data. An example of a security header could be an XFO header to mitigate clickjacking attacks: x-frame-options: SAMEORIGIN.
Rewrite header - We will set/modify an HTTP header present in the response.
Strip header - We will delete an HTTP header present in the response.
Redirect - Tell us the URL and we will redirect the traffic to the URL you specify.
Block with custom page - We will stop matching traffic at point of access and return a custom response. If you wish to use custom page, select Block with custom page from Action, and then select a custom response page that you have created. Click Edit to modify the selected custom response page, or click Create to add a new custom response page.
Log - Tell us if you want to log the events or not.