Content Filter Rules
Signatures of threats and other potential issues
A traditional WAF evaluates incoming requests according to a list of threat signatures, and flags the request if any matches are found.
Within Link11 WAAP, Content Filter Rules provide the equivalent of these signatures, although they are more powerful and flexible than those within a traditional WAF.
When a request undergoes the content filtering process, its content is compared to the Rules administered here. When a request matches a Rule, various tags will be attached to it. Those tags can be evaluated, and can cause actions to be taken on the request.
Content Filter Rules are defined globally within the system, and are available to all Content Filter Profiles.
The usage of Content Filter Profiles within applications and APIs is explained here.
The main page lists all current Content Filter Rules.
The administration (addition/deletion/editing/versioning) of Rules follows the conventions described here.
A Content Filter Rule consists of the following:
The signature for this Rule. Usually, this represents the characteristics that make a request hostile. (Match)
Organizational parameters for the Rule (Category, Subcategory, Risk level)
Tags to apply to requests that match this Rule
Log message for requests that match this Rule (this field is not currently used, but will be in a pending release)
General parameters for administration (Name, Description)
Name
A name for this Rule, to be used within the interface. A system tag (shown below the Tags field) will include it as well.
For the default Rules included with L11WAAP, the Names are numeric identifiers. (A production deployment will include a large number of Rules; therefore, they are usually organized/administered by their categories and subcategories.)
Description
Information about this Rule, for use within the interface.
Category
A general category for this Rule. It will be the basis for a system tag.
Subcategory
A subcategory for this Rule, within the general Category. It will be the basis for a system tag.
Risk level
A number ranging from 1 (lowest threat) to 5 (highest threat). It will be the basis for a system tag.
Tags
A list of one or more tags, separated by spaces. Whenever this Content Filter Rule's Match condition matches a request, these tags will be attached.
In addition to these admin-defined tags, the system also shows some system tags that will be attached as well.
The tags are the basis for the decisions made when the applicable Content Filter Profile is evaluated for a request. They will also appear in the traffic logs.
Log message
(This field is not currently used, but will be in a pending release.) A message that will appear in the traffic logs when a request matches the Match condition.
Match
The criteria against which incoming requests will be compared. For Content Filter rules only, regexps are of the Hyperscan flavor (syntax).
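Because Match uses Hyperscan syntax, signatures carried over from PCRE-based rule sets can contain constructs that Hyperscan does not support. The following lint is an added example, not part of the Link11 documentation or product: `skeleton`, `hyperscan_issues` and the sample Match values are constructed here, and the checks cover a subset of the constructs the Hyperscan documentation lists as unsupported. It assumes patterns do not use `\Q...\E` quoting.

```python
import re

# (detector, label) pairs for PCRE constructs that the Hyperscan documentation
# lists as unsupported. Detectors run on skeleton(pattern), not the raw text.
UNSUPPORTED = [
    (r"\(\?<?[=!]", "lookaround assertion"),
    (r"\(\?>", "atomic group"),
    (r"\\[1-9]|\\k[<{']|\\g[\d{<'+-]|\(\?P=", "backreference"),
    (r"\(\?(?:R\)|[+-]?\d+\)|&|P>)", "recursion or subroutine call"),
    (r"\(\?\(", "conditional pattern"),
    (r"\(\*(?:ACCEPT|FAIL|F|COMMIT|PRUNE|SKIP|THEN)\b", "backtracking control verb"),
    (r"\\[CRK]", "\\C, \\R or \\K escape"),
    (r"[*+?]\+|\{\d+(?:,\d*)?\}\+", "possessive quantifier"),
]

def skeleton(pattern):
    """Blank out escaped punctuation and character-class bodies, keep real syntax."""
    out, i, n = [], 0, len(pattern)
    while i < n:
        ch = pattern[i]
        if ch == "\\" and i + 1 < n:
            nxt = pattern[i + 1]
            out.append(ch + nxt if nxt.isalnum() else "_")  # \( -> _, \1 stays
            i += 2
        elif ch == "[":
            j = i + 2 if pattern[i + 1:i + 2] == "^" else i + 1
            if pattern[j:j + 1] == "]":  # a leading ']' is a literal
                j += 1
            while j < n and pattern[j] != "]":
                j += 2 if pattern[j] == "\\" else 1
            out.append("[_]")
            i = j + 1
        else:
            out.append(ch)
            i += 1
    return "".join(out)

def hyperscan_issues(pattern):
    """Return labels of unsupported constructs found in a candidate Match regex."""
    return [label for rx, label in UNSUPPORTED if re.search(rx, skeleton(pattern))]

# Constructed Match values for illustration; not taken from any shipped rule set.
SAMPLE_MATCHES = {
    "constructed-1": r"(?i)<script[^>]*>",
    "constructed-2": r"(\w+)\s*=\s*\1",
    "constructed-3": r"^(?!.*\.example\.com)https?://",
    "constructed-4": r"(?>\.\./)++",
    "constructed-5": r"\(\?=[(?!]\\1",
}
```

A pattern that returns an empty list here still has to compile in the product itself; the lint only catches the common porting mistakes before a Rule is saved.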