Security Section Concepts
How Reblaze scrubs incoming traffic
Last updated
Was this helpful?
How Reblaze scrubs incoming traffic
Last updated
Was this helpful?
When Reblaze receives an incoming request, it decides whether to pass the request through to the upstream server, or block it.
This decision-making is done in several stages.
Stage
Comments
Quarantines and Dynamic Rules
Static Rules and Rate Limits
ACLs
Rate Limits
Challenges
Content Filtering
Argument Analysis
WAF/IPS Policies
Some of the criteria for the decisions are global. In other words, they apply throughout your entire planet. For example, the settings in the Static Rules section are globally applicable, and do not change depending on the context of the request. They will be applied to all traffic for all resources within your planet.
Conversely, some criteria are non-global, and they do depend on the context. For example, you can assign different security rulesets for different resources or locations within your planet. In other words, you can assign different rules to specific domains, subdomains, folders, filetypes, etc.
These non-global criteria are primarily defined within the Profiles section. They have their own structure, explained in more detail in that section of this Manual (see especially the Profile Concepts page).
Once Profiles are defined, they are available to be assigned to specific resources/locations within your planet. Those assignments are done in the Settings->Web Proxy->Security Profiles section.
Traffic from requestors that are currently on the or is blocked. Other requestors are evaluated for potential addition to the Banlist using .
Requests that do not conform to specified size, time, and rate limits are blocked. More information:
Filtering based on , including .
Enforces rate limits defined for specific locations/resources within the planet. More information: .
Verifies that requests are coming from humans. More information: .
Blocks requests that do not conform to specified rulesets for required or disallowed content. This is the location-based filtering described in .
Examination of characters in arguments. Possible results are to exempt a request from WAF filtering, to send the request to the WAF for inspection, or to block the request. More info: .
Blocks requests that do not conform to the settings.
