Filter by Content
Blocking requests that do not conform to content policies
There are several ways to filter requests based on their content.
Custom Signatures are a powerful method for specifying content restrictions for traffic. They are included within ACL Policies, which are used within Profiles, which are assigned to various locations of your site/application at Settings->Web Proxy->Security Profiles.
A more direct method is to create content filters directly for a location. This too provides powerful filtering capabilities. Here's a comparison between this and Custom Signatures.
Both can deny requests based on their content.
Location-based filtering makes it easier to require certain content in incoming requests.
Location-based filtering is simpler when setting up different filters for different locations.
Custom Signatures are modular, and once defined, they can be re-used in multiple places throughout the interface. A location-based filter definition cannot do this. Instead, you have to manually define the filtering conditions for each location.
Dynamic Rules can be used to rate-limit a requestor, based on the content that is requested.
Args Analysis examines the characters found in arguments. Depending on its mode, it can block requests if unexpected characters are found, or pass them on to the WAF for further inspection. It can also act as an inverse content filter; those requests with arguments which contain only whitelisted characters can bypass WAF filtering.
Last updated