Tag Rules

Overview

Early in the traffic evaluation process (immediately after evaluation of Quarantines and Dynamic Rules), Reblaze can assign one or more Tags to an incoming request. Subsequently, the Tags can be used to make decisions about how the request is processed. After processing, a request's Tags remain associated with it, and they are available for display in the View Log.

This page allows you to administer Tag Rules, which are combinations of Tags and the criteria for assigning them to requests.

The actions that can be performed as a result of the Tag assignments are administered separately, in ACL Policies.

Each Tag Rule consists of:

  • Match conditions: A list of possible characteristics that a request can match (e.g., a list of IP addresses that it might originate from), plus the logical operator to use when evaluating the match.

  • One or more Tags to assign when a match occurs.

For each request, Reblaze will evaluate all active Profiles. A single request will receive Tags from all Profiles which match it.

Two Types of Tag Rules

Tag Rules can be either Internet-sourced or self-managed.

  • Internet-sourced Rules are based upon online lists (e.g., Spamhaus DROP lists). These lists are not editable within the interface, because they are obtained automatically; Reblaze updates them every 24 hours. You can also trigger an immediate update via the "update now" button.

  • Self-managed Rules are created manually. These lists are fully editable within the interface.

Administration

At the top of the page, the pulldown list specifies the Rule currently being displayed for editing. Next to it are four buttons: Fork (to create a copy of the profile being displayed), Download, Add, and Save.

Adding a Tag Rule

To add a Tag Rule, either:

The new Rule will be displayed for editing:

Enter values into the following fields:

  • Name. A description that will be displayed within the Reblaze interface.

  • Tags. One or more Tags (separated by spaces) that will be assigned to requests if the match conditions are fulfilled. Example: internal team-devops

  • Active. By default, this Profile will be applied to incoming requests. To prevent this, unselect the checkbox.

  • Notes. An optional field for including information about this Profile.

Next, specify the match conditions, as discussed below.

Specifying Match Conditions

Match conditions consist of two parts:

  • A list of one or more criteria to match. The list will be entered differently for the two types of Tag Rules.

  • The logical condition to apply (either OR or AND), specified in the Entries Relation pulldown.

Match Criteria for an Internet-sourced Profile

For a Profile based on an online source, simply enter its URL into the Source field. For example, to create a list based on the Spamhaus ASN DROP list, you would enter https://www.spamhaus.org/drop/asndrop.txt, and then select the "update now" button. Reblaze will then populate the list automatically.

If the list contains more than one category--which is unlikely for an Internet-sourced Profile, but not impossible--also choose the appropriate value for Entries Relation, as discussed below.

At this point, the new Profile should be complete. Before exiting the page, be sure to save your work.

Match Criteria for a Self-Managed Profile

To add a match criterion, select the "+" button at the top of the criteria list. The following dialog will appear.

For most of the categories, the dialog will appear as it is above. Multiple entries can be made at once, with each entry on a separate line. Each line contains the value, plus a pound sign (#) followed by an annotation (a label for display within the Reblaze interface). Example:

For some categories, one entry can be made at a time, with each entry requiring multiple lines. Annotations are not preceded by a pound sign.

Match criteria are case-sensitive.

Here are some sample entries for the various categories. Notice that the logical operators are available.

Once created, these entries cannot be edited. If one needs to be modified, remove it and re-create it.

The Entries Relation Field

This specifies the logical operation used when evaluating a request against the match criteria.

When all the match criteria are in the same category, the operation is OR. For a request x and a list of criteria a, b, c, the evaluation will be (x==a) OR (x==b) OR (x==c). For example, if the match criteria are all IP addresses, then a match will occur if the request matches any of the IPs in the list.

When there are two or more categories, the default operation is still OR (in which case, a match will occur if the request matches any of the criteria in the list). However, when there are multiple categories, you can select AND instead. In this case, OR will still apply within each category, while AND will apply between the categories. Thus, for one list a, b, c and a second list i, j, k, the evaluation will be ((x==a) OR (x==b) OR (x==c)) AND ((x==i) OR (x==j) OR (x==k)). For example, if the match criteria are IP addresses and headers, then a match will occur if the request matches any of the IPs and any of the headers, but it will not occur if it matches an IP but none of the headers.
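The evaluation described above, together with the rule that a request receives Tags from every matching active rule, can be modelled as follows. This is an added example, not Reblaze code: the category names ("ip", "header"), the rule dictionary layout, the sample addresses and the X-Team header are all assumptions made for illustration.

```python
import ipaddress

def entry_matches(category, value, request):
    """Test one criterion; the category names here are illustrative."""
    if category == "ip":
        net = ipaddress.ip_network(value, strict=False)  # a single IP becomes a /32 or /128
        return ipaddress.ip_address(request["ip"]) in net
    if category == "header":
        name, expected = value
        return request["headers"].get(name) == expected  # case-sensitive comparison
    raise ValueError(f"unknown category: {category}")

def rule_matches(rule, request):
    """OR within each category; the Entries Relation joins the categories."""
    by_category = {}
    for category, value in rule["entries"]:
        by_category.setdefault(category, []).append(value)
    if not by_category:
        return False  # assumption: a rule with no criteria matches nothing
    per_category = [
        any(entry_matches(cat, v, request) for v in values)
        for cat, values in by_category.items()
    ]
    return all(per_category) if rule["relation"] == "AND" else any(per_category)

def tags_for(rules, request):
    """Collect the Tags of every active rule that matches the request."""
    tags = set()
    for rule in rules:
        if rule.get("active", True) and rule_matches(rule, request):
            tags.update(rule["tags"])
    return tags

# Constructed sample data (documentation address ranges, made-up header).
ENTRIES = [
    ("ip", "203.0.113.0/24"),
    ("ip", "198.51.100.7"),
    ("header", ("X-Team", "devops")),
    ("header", ("X-Team", "sre")),
]
AND_RULE = {"tags": ["internal", "team-devops"], "relation": "AND", "entries": ENTRIES}
OR_RULE = {"tags": ["maybe-internal"], "relation": "OR", "entries": ENTRIES}

if __name__ == "__main__":
    ip_only = {"ip": "203.0.113.9", "headers": {}}
    both = {"ip": "198.51.100.7", "headers": {"X-Team": "sre"}}
    print(sorted(tags_for([AND_RULE, OR_RULE], ip_only)))
    print(sorted(tags_for([AND_RULE, OR_RULE], both)))
```

The ip_only request is tagged by the OR rule but not by the AND rule, which is the difference to check before an ACL Policy relies on a Tag assigned from mixed categories.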
