Edge Security Acceleration:Custom rules

Last Updated:Dec 24, 2024

Custom rules allow you to control user access to resources on your website. To create a custom rule for your website, specify the match conditions and the action, such as block or monitor, that you want to perform on incoming requests that meet those conditions.

Create a custom rule

  1. Log on to the ESA console.

  2. In the left-side navigation pane, click Websites.

  3. On the Websites page, find the website that you want to manage, and click the website name or View Details in the Actions column.

  4. In the left-side navigation tree, choose Security > WAF. The Custom Rules tab is displayed.

  5. On the Custom Rules tab, click Create Rule.

    • On the page that appears, specify Rule Name.

    • Specify the conditions for matching incoming requests in the If requests match... section. For more information about custom rules, see Custom rule parameters.

    • Specify the action you want to perform in the Then execute... section. For more information, see Actions.

  6. Click OK.

Custom rule parameters

You can create a custom rule when you set up a custom protection policy, or add a custom rule to an existing custom protection policy.

Parameter: Rule

  The name of the rule. The name can be up to 64 characters in length and can contain letters, digits, and underscores (_).

Parameter: Match Condition

  The request characteristics that the rule matches.

  Click Logical Expression to add a condition. You can add up to five match conditions to a rule.

  Each condition consists of a hostname, a logical operator, and the matching content. For information about match fields and logical operators, see Match conditions.

Actions

Parameter: Action

  The action that WAF performs on a request that matches the rule. Valid values:

  • Block: blocks the request that matches the rule and returns a block page to the client that sent the request.

  • JS Challenge: WAF returns JavaScript code to the client, and the client's browser executes the code automatically. If the client passes the JavaScript verification, WAF allows its requests for a specified period of time without verifying it again; by default, this period is 30 minutes. If the client fails the JavaScript verification, WAF blocks its requests.

  • Slider CAPTCHA: WAF returns a slider CAPTCHA verification page to the client. If the client passes the slider CAPTCHA verification, WAF allows its requests for a specified period of time without verifying it again; by default, this period is 30 minutes. If the client fails the slider CAPTCHA verification, WAF blocks its requests.

  • Monitor: records requests that match the rule in the logs without blocking them. Query the logs to check how the rule performs and whether it matches normal requests. If it does not, you can then change the Action parameter to Block.

    Note

    You can query logs only when the Log Service for WAF feature is enabled.

Configuration examples

The following figure shows a sample custom rule. If the requested hostname is www.example.com and the client IP address is 123.123.XX.XX, the rule blocks the request and returns the default HTTP 403 error page.

[Figure: sample custom rule with hostname www.example.com, client IP 123.123.XX.XX, and the Block action]
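The figure's rule, together with the actions and the five-condition cap described above, as an added Python model of how such a rule is evaluated (example code written for this page, not ESA's implementation; the request field names, the "equals" and "ip_in" operators, and the /16 prefix used for the masked 123.123.XX.XX address are assumptions):

```python
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network

BLOCK, MONITOR, JS_CHALLENGE = "Block", "Monitor", "JS Challenge"
VERIFIED_SECONDS = 30 * 60  # page: a verified client is allowed for 30 minutes by default

@dataclass
class CustomRule:
    name: str
    conditions: list  # (field, operator, value) tuples; all must hold (logical AND)
    action: str
    def __post_init__(self):
        if not 1 <= len(self.conditions) <= 5:  # page: up to five match conditions
            raise ValueError("a rule takes 1 to 5 match conditions")
    def matches(self, request):
        for fld, op, value in self.conditions:
            if op == "equals":
                ok = request[fld] == value
            elif op == "ip_in":  # client IP against a CIDR prefix (assumed operator)
                ok = ip_address(request[fld]) in ip_network(value)
            else:
                raise ValueError(f"unsupported operator: {op}")
            if not ok:
                return False
        return True

@dataclass
class Waf:
    rules: list
    log: list = field(default_factory=list)       # Monitor hits (ESA keeps them only with logging on)
    verified: dict = field(default_factory=dict)  # client IP -> verification expiry (epoch seconds)
    def handle(self, request, now, js_passed=False):
        # returns 403 (blocked), "challenge" (JavaScript sent to the client) or 200 (forwarded)
        ip = request["client_ip"]
        for rule in self.rules:
            if not rule.matches(request):
                continue
            if rule.action == MONITOR:
                self.log.append((rule.name, request["host"], ip))  # record only, never block
            elif rule.action == BLOCK:
                return 403
            elif rule.action == JS_CHALLENGE and self.verified.get(ip, 0) <= now:
                if not js_passed:
                    return "challenge"
                self.verified[ip] = now + VERIFIED_SECONDS  # no re-check for 30 minutes

        return 200

# Constructed sample after the page's figure (123.123.XX.XX widened to an assumed /16 prefix)
SAMPLE_RULE = CustomRule("block-suspect-ip", [("host", "equals", "www.example.com"),
                                              ("client_ip", "ip_in", "123.123.0.0/16")], BLOCK)
```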

Feature availability

Item | Entrance | Pro | Premium | Enterprise
Custom rules (number available) | 3 | 20 | 100 | 200