Security Section Concepts
How Reblaze scrubs incoming traffic
Reblaze evaluates incoming traffic in a multi-stage filtering process. An HTTP/S request which passes all security tests will be forwarded to the backend.
This decision-making is done in several stages.
Stage | Comments |
Pre-Processing Cloud Functions | The Cloud Functions marked "Request Pre Reblaze" are executed. |
Quarantines & Dynamic Rules | Traffic from requestors that are currently on the Banlist or Blacklist is blocked. Other requestors are evaluated for potential addition to the Banlist using Dynamic Rules. |
Static Rules & Rate Limits | Requests that do not conform to specified size, time, and per-IP rate limits are blocked, according to the Advanced Frontend Settings for the application. |
Session Profiling | Reblaze assigns automatically-generated tags, and user-defined tags (configured in Tag Rules) to the requests. |
ACL Policies | ACL Policies are enforced. |
Rate Limits | Rate Limit Rules are enforced. |
Challenges | Verifies that requests are coming from humans. More information: The Challenge Process. |
Argument Analysis | Examination of characters in arguments. Possible results are to exempt a request from WAF filtering, to send the request to the WAF for inspection, or to block the request. More info: Args Analysis. |
WAF/IPS | The active WAF Policy is enforced, assuming that the request was not previously Bypassed in the ACL Policy. |
Post-Processing Cloud Functions | The Cloud Functions marked "Request Post Reblaze" are executed. |
