Custom Rules

Use custom rules to define a static traffic workflow. Rules give you full control over traffic so that you can adapt the security policy in effect to enterprise constraints. You can configure Virtual Patches, Exception Rules, Access Rules and Control Rules as custom rules. Once created, you can assign one or more rules to a web application from within the web application wizard. Rules are executed in the order defined in the web application settings.

We have provided various keys to form conditions for a rule.

Want to see all the available keys? Simply place the cursor in the When field, and press the down arrow key on your keyboard to get a list of all available keys. Syntax help is available for every key.

 

How do I get started? Press the Down arrow to see the available keys.

The Rule Creation wizard showing keys and syntax help for keys.

How do I add a condition?

- Select a key like client.ip.address.

- Then select an operator (EQUAL, NOT.EQUAL, MATCH, NOT.MATCH, DETECT). See Custom Rules - DETECT operator.

Click here for more information on using the MATCH operator.

The Rule Creation wizard showing available operators for the client.ip.address key in the Conditions tab.

 

- Enter a value for your condition in double quotes. In this case we've entered an IP address.

The Rule Creation wizard showing a value assigned to a sample condition in the Conditions tab.

 

- Press Enter to add your condition. It will look like this.

The Rule Creation wizard showing sample condition for the rule in the Conditions tab.

 

- Click the Add button to add another condition to your rule.

- Complete the steps to add conditions as needed.

The Rule Creation wizard showing multiple conditions for the rule in the Conditions tab.

 

Here are the conditions for the rule we just created:

client.ip.address EQUAL "172.26.10.123"

client.tcp.port EQUAL "45678"

transaction.day EQUAL "Sunday"

How does this rule work? The rule gets executed only when all conditions are met. Otherwise, the rule gets ignored. In the actions panel of the wizard, you tell us what action to take when events match the conditions in the rule.

Note: IN-RANGE and NOT.IN-RANGE operators accept only a comma as a delimiter. For example, request.header.cookie.count IN-RANGE "2,5".
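To check rule logic before assigning a rule to a web application, the all-conditions-must-match behavior and the comma-only range delimiter can be modeled offline. The following is an added example, not the product's own code: the function names, the sample transaction, exact string comparison for EQUAL and inclusive range bounds are all assumptions, and MATCH, NOT.MATCH and DETECT are left out because this page does not define how they evaluate.

```python
import re

# Condition format shown on this page: key OPERATOR "value"
COND_RE = re.compile(r'^\s*([\w.]+)\s+([A-Z.\-]+)\s+"([^"]*)"\s*$')

def parse_condition(line):
    """Split one condition line into (key, operator, value)."""
    m = COND_RE.match(line)
    if not m:
        raise ValueError(f'not in key OPERATOR "value" form: {line!r}')
    return m.groups()

def parse_range(value):
    """Parse an IN-RANGE value; only a comma is accepted as the delimiter."""
    parts = value.split(",")
    if len(parts) != 2:
        raise ValueError(f"range must be two comma-separated numbers: {value!r}")
    low, high = (int(p) for p in parts)
    return low, high

def condition_holds(cond, transaction):
    key, op, value = cond
    actual = transaction[key]
    if op == "EQUAL":          # assumption: exact string comparison
        return str(actual) == value
    if op == "NOT.EQUAL":
        return str(actual) != value
    if op in ("IN-RANGE", "NOT.IN-RANGE"):
        low, high = parse_range(value)
        inside = low <= int(actual) <= high   # assumption: inclusive bounds
        return inside if op == "IN-RANGE" else not inside
    raise NotImplementedError(f"operator not modeled here: {op}")

def rule_fires(condition_lines, transaction):
    """A rule is executed only when every condition is met."""
    return all(condition_holds(parse_condition(c), transaction)
               for c in condition_lines)

# The three conditions from this page.
RULE = [
    'client.ip.address EQUAL "172.26.10.123"',
    'client.tcp.port EQUAL "45678"',
    'transaction.day EQUAL "Sunday"',
]
# Constructed sample transaction (not captured traffic).
SAMPLE = {"client.ip.address": "172.26.10.123", "client.tcp.port": 45678,
          "transaction.day": "Sunday", "request.header.cookie.count": 3}

if __name__ == "__main__":
    print(rule_fires(RULE, SAMPLE))                                # all met
    print(rule_fires(RULE, {**SAMPLE, "transaction.day": "Monday"}))  # one fails
```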

More information on the rule creation wizard