Security Section Concepts
How Reblaze scrubs incoming traffic
How Reblaze scrubs incoming traffic
Reblaze evaluates incoming traffic in a multi-stage filtering process. An HTTP/S request which passes all security tests will be forwarded to the backend.
This decision-making is done in several stages.
Stage
Comments
Pre-Processing Cloud Functions
The Cloud Functions marked "Request Pre Reblaze" are executed.
Quarantines & Dynamic Rules
Traffic from requestors that are currently on the Banlist or Blacklist is blocked. Other requestors are evaluated for potential addition to the Banlist using Dynamic Rules.
Static Rules & Rate Limits
Requests that do not conform to specified size, time, and per-IP rate limits are blocked, according to the Advanced Frontend Settings for the application.
Session Profiling
Reblaze assigns automatically-generated tags, and user-defined tags (configured in Tag Rules) to the requests.
ACL Policies
ACL Policies are enforced.
Rate Limits
Rate Limit Rules are enforced.
Challenges
Verifies that requests are coming from humans. More information: The Challenge Process.
Argument Analysis
Examination of characters in arguments. Possible results are to exempt a request from WAF filtering, to send the request to the WAF for inspection, or to block the request. More info: Args Analysis.
WAF/IPS
The active WAF Policy is enforced, assuming that the request was not previously Bypassed in the ACL Policy.
Post-Processing Cloud Functions
The Cloud Functions marked "Request Post Reblaze" are executed.
