Haltdos User Guide

Script Rules

Developer Script provides a unique alternative approach for security that can deliver a useful additional layer of protection.

Last updated 3 years ago

Overview

Developer Script strategies are implemented as developer script rules. Such a rule runs a customized script to interpret or manage specific requests.

The goal of the developer script is to deceive and manipulate requests on the basis of certain parameters, inducing clients to take actions that result in their requests being blocked.

For the given URI, the developer script is executed, and if its condition matches, the action configured for the rule is taken. Users can define their own logic, which may not be present in the WAF rules, and thus mitigate a specific attack.

The developer script defines two phases:

  1. Request Phase: This developer script is executed before the request is sent to the web servers.

  2. Response Phase: This developer script is executed after the response is received from the web servers and before it reaches the web client.

The script for this rule is written in the Lua scripting language; the Lua script defined here is executed in the selected phase. For the rule action to be performed, the script must return 1 (numeric). Utility methods such as MD5, Base64 encoding, and more are provided, and Nginx variables can also be accessed.

If the script fails to compile, it cannot perform an action and the request will be processed (the rule fails open).

The behavior of the script may vary for the following configurations:

  1. If the Temporary Blacklist value is set to 0, then the script will be ignored.

  2. If the action is set to No Action, then the script will be ignored.

  3. If multiple scripts are matched for the request URI, then the first matched script will be executed and other scripts will be ignored.
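
A request-phase script of the kind described above, as an added example that is not taken from the Haltdos documentation: it returns 1 so that the configured Rule Action fires when a request to the rule's URI is malformed. It assumes Nginx variables are reachable OpenResty-style through `ngx.var`; the header name, the `limit` parameter and `MAX_LIMIT` are hypothetical.

```lua
-- Added example, not Haltdos code. Intended for a rule whose Specific URI is a
-- hypothetical export endpoint and whose Rule Phase is Request.
-- ASSUMPTION: Nginx variables are exposed as `ngx.var` (OpenResty convention).
-- The stub below is constructed sample data so the file also runs under plain Lua.
local ngx = ngx or {
  var = {
    request_method   = "GET",
    http_x_api_token = "not-hex!",  -- constructed: malformed token
    arg_limit        = "50",
  },
}

local MAX_LIMIT = 1000  -- hypothetical ceiling for the ?limit= parameter

local function violates(var)
  -- Only GET is expected on this endpoint.
  if var.request_method ~= "GET" then
    return true
  end
  -- The token header must be exactly 32 lowercase hex characters.
  local token = var.http_x_api_token
  if type(token) ~= "string" or #token ~= 32 or token:find("[^0-9a-f]") then
    return true
  end
  -- ?limit= is optional; when present it must be a plain integer within bounds.
  local limit = var.arg_limit
  if limit ~= nil then
    local n = type(limit) == "string" and limit:match("^%d+$") and tonumber(limit)
    if not n or n < 1 or n > MAX_LIMIT then
      return true
    end
  end
  return false
end

-- Design choice of this example: a runtime error counts as a match, so a bug
-- in the check does not let the request through unchecked.
local ok, matched = pcall(violates, ngx.var)
if not ok or matched then
  return 1  -- 1 is the value the rule requires for its action to be performed
end
return 0    -- assumed here: any value other than 1 means "no match"
```

The `pcall` guard only covers runtime errors; a script that does not compile is still skipped, so check the syntax before saving the rule.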

How to use

  1. Go to WAF > Listeners > Security Profiles > Rules > Developer Script Rules

  2. Click on Add Rule and set relevant parameters.

  3. Click on Save Changes.

| PARAMETERS | ACCEPTED VALUES | Default Value |
| --- | --- | --- |
| Rule Name | String | Name eg. Example Rule |
| Rule Message | String | Brief Description eg. This Rule is used for Allowing Example API |
| Rule Priority | Integer | 0 |
| Rule Phase | Choose from the drop-down | Request/Response |
| Rule Action | Choose from the drop-down | RECORD/DROP/TEMPORARY BLACKLIST/BYPASS/SEND CHALLENGE/NO ACTION |
| Specific URI | URI | None |
| Script | Lua language | None |

Description:

Rule Name

Specify a rule name to identify the rule which is to be created. The rule name takes alpha-numeric input.

Rule Message

Specify a rule message containing a detailed description to identify the rule which is to be created.

Rule Priority

A numeric field that specifies the order in which the rule is executed while evaluating the request. Rules with a lower priority value are executed first among rules of the same type. The default value is 0.

URI

Specify the URI on which the tamper rule will be applied.

Method

Select the HTTP method for the rule to validate when matched with the request.

Evaluation Phase

Specify the phase for the rule i.e. Request/Response while evaluating the request.

Rule Action

The action to perform when the rule condition is satisfied. The valid values for the action are:

  • NO ACTION: If the rule matches, no action will be taken.

  • DROP AND RECORD REQUEST: If the rule matches, drop and record the request.

  • RECORD REQUEST: If the rule matches, put the request in record mode.

  • BYPASS REQUEST: If the rule matches, put the request in BYPASS mode.

  • REDIRECT: If the rule matches, the request will be redirected to the specified URI.

  • SEND RESPONSE WITH STATUS CODE: If the rule matches, the request will be answered with a status code.

  • SEND CUSTOM RESPONSE: If the rule matches, a custom response will be sent to the user.

  • CHANGE RESPONSE CODE: If the rule matches, the response code can be changed.

  • SEND CAPTCHA CHALLENGE: If the rule matches, send a captcha challenge to verify whether the user is a human or a bot. If the challenge fails, the user is temporarily blacklisted; if the temporary blacklist duration is 0, the user keeps receiving the challenge until they pass it or the challenge duration expires.

  • TARPIT SRC IP: If the rule matches, the source IP will be tarpitted for the specified time.

  • TEMPORARY BLACKLIST SRC IP: If the rule matches, temporarily blacklist the user's IP. This only works if a temporary blacklist duration has already been set; otherwise it is not considered.

  • DROP: If the rule matches, drop the request.

Script

Specify the Lua script for the rule. The Lua script is a user-customized script that can be configured for mitigating real-time attacks.
