Use custom rules to define static traffic workflow. Rules allow you to fully control traffic in order to adapt the security policy in effect for enterprise constraints. Now you can easily configure Virtual Patches, Exception Rules, Access Rules and Control Rules as custom rules. Once created, you can assign one or more rules to a web application from within the web application wizard. Rules are executed in the order defined in web application settings.
We have provided various keys to form conditions for a rule.
Want to see all the available keys? Simply place the cursor in the When field, and press the down arrow key on your keyboard to get a list of all available keys. Syntax help is available for every key.
How do I get started? Press the Down arrow to see the available keys.
- Select a key like client.ip.address.
- Then select an operator (EQUAL, NOT.EQUAL, MATCH, NOT.MATCH, DETECT). See Custom Rules - DETECT operator.
Click here for more information on using the MATCH operator.
- Enter a value for your condition in double quotes. In this case we've entered an IP address.
- Press Enter to add your condition. It will look like this.
- Click the Add button to add another condition to your rule.
- Complete the steps to add conditions as needed.
Here's the conditions for the rule we just created:
client.ip.address EQUAL "172.26.10.123"
client.tcp.port EQUAL "45678"
transaction.day EQUAL "Sunday"
How does this rule work? The rule gets executed only when all conditions are met. Otherwise, the rule gets ignored. In the actions panel of the wizard, you tell us what action to take when events match the conditions in the rule.
Note: IN-RANGE and NOT.IN-RANGE operators accept only a comma as a delimiter. For example, request.header.cookie.count IN-RANGE "2,5".