Haltdos User Guide

Firewall Rules

These rules (Negative Security Model) allow you to create custom security rules that follow your application's logic.

Last updated 3 years ago

Overview

A Firewall Rule sets up regulations for a particular domain. When a request is made to that domain, the WAF checks whether it violates a rule and carries out the action configured by the user.

The following actions are available to the user:

  1. DROP & RECORD REQUEST - If the Request to the subscribed domain matches the Firewall Rule, an event is generated but the request will not be allowed through the WAF.

  2. RECORD REQUEST - An event is generated whenever the request satisfies the rule; when the request then passes through other rules, their events are also logged by Haltdos.

  3. BYPASS REQUEST - If the Request tests positive for the rule, no other rule is tested and the Request will be allowed through the WAF.

  4. TEMPORARY BLACKLIST SOURCE IP - If the request satisfies the rule, then the user is temporarily blacklisted.

  5. REDIRECT - If the request satisfies the rule, then the user is redirected to another page.

  6. SEND CAPTCHA CHALLENGE - If the request satisfies the rule, then the user receives a challenge like a captcha.

  7. SEND RESPONSE WITH STATUS CODE - If the request satisfies the rule, a custom HTML response will be returned with a status code.

  8. SEND CUSTOM RESPONSE - If the request satisfies the rule, a custom HTML response will be returned.

  9. CHANGE RESPONSE CODE - If the request satisfies the rule, the user can change the response code, and the changed response code will be sent back.

  10. TARPIT SRC. IP - If the request satisfies the rule, the end-user IP will be tarpitted.

  11. NO ACTION - If the request satisfies the rule, then no action will be performed on the current request.

  12. SKIP LEARNING - If the request satisfies the rule, then no learning will be performed on the current request.

  13. SEND EMPTY RESPONSE - If the request satisfies the rule, the end-user will get an empty response / blank page in return.

How to Use:

  1. Go to WAF > Listener > Security Profiles > Rules > Firewall Rules

  2. Click on the Add Rule Button and a pop-up box will open.

  3. Configure the fields that are present.

  4. Click on Save Changes and the rule will be reflected.

Configurable Fields

| PARAMETERS | DESCRIPTION | ACCEPTED VALUES |
|---|---|---|
| Rule Name | Name for the configured rule | Name, e.g. Example Rule |
| Rule Message | Description for the rule | Brief description, e.g. This Rule is used for Allowing Example API |
| Rule Priority | Priority for the rule | Integer |
| Rule Action | Action that should be performed when the rule condition is satisfied | Any action from the drop-down list |
| Specific URI | URI on which this rule has to be applied | Valid URI, e.g. /login |
| Method | Choose from the drop-down (e.g. GET) | Drop-down list |
| Match Pattern | The pattern to be searched at the specified location | String |
| Match Condition | Choose from the drop-down (e.g. pattern match) | Drop-down list |
| Location | Location of the entity | Any value from the drop-down list |
| Value | Value at the location that has to be checked | The value that you want to match at the specific location |

All fields are required unless disabled by the UI. The default location is the URL.

Description

Rule Name

Specify a rule name to identify the rule which is to be created. The rule name takes alpha-numeric input.

Rule Message

Specify a rule message containing a detailed description to identify the rule which is to be created.

Rule Priority

Specify the priority for the rule for execution when matched with the request.

Rule Action

Specify the action to be taken for the matched request, i.e. No Action, Drop, Record, Bypass, Redirect, Temporary Blacklist, Send Challenge, Skip Learning.

Specific URI

Specify the URI on which the firewall rule will be applied.

  • Example: /login

Method

Specify the HTTP method on which the rule will be applied i.e. All, GET, POST, PUT, DELETE, HEAD, OPTIONS.

Match Condition

This drop-down allows you to set the match condition for the request, i.e. Pattern Match or Pattern Not Match.

Match Pattern

Specify the keyword to match when the rule is invoked. The entered value can be a regex pattern.

Find Location

Users can define the source location where this condition needs to be applied.

Variable

Users can select the variable.

Match Condition

The user can define the match condition for the parameter and match value.

Match Value

The user can define what value needs to be matched with the match condition.
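
A minimal model of how the fields and actions above interact, added here as an example and not Haltdos code. It assumes that lower priority numbers run first, that the Specific URI is compared exactly, and that locations are the made-up keys "body", "user-agent" and "content-type"; only DROP, RECORD and BYPASS are modelled, and the rules are constructed samples.

```python
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    priority: int         # assumption: lower number is evaluated first
    action: str           # "DROP", "RECORD" or "BYPASS" (three of the page's actions)
    uri: str              # Specific URI; exact comparison is an assumption
    method: str           # "ALL" or one HTTP method
    location: str         # hypothetical location keys: "body", "user-agent", ...
    pattern: str          # Match Pattern, treated as a regex
    negate: bool = False  # True models "Pattern Not Match"

def matches(rule, req):
    if rule.uri != req["uri"] or rule.method not in ("ALL", req["method"]):
        return False
    found = re.search(rule.pattern, req.get(rule.location, "")) is not None
    return found != rule.negate

def evaluate(rules, req):
    events = []                       # names of rules that generated an event
    for rule in sorted(rules, key=lambda r: r.priority):
        if not matches(rule, req):
            continue
        if rule.action == "BYPASS":   # no other rule is tested, request allowed
            return "ALLOW", events
        events.append(rule.name)      # DROP and RECORD both generate an event
        if rule.action == "DROP":     # request is not allowed through
            return "DROP", events
    return "ALLOW", events

def shadowed_drops(rules):
    """Audit helper: DROP rules that an earlier BYPASS on the same URI can pre-empt."""
    return [(b.name, d.name)
            for b in rules if b.action == "BYPASS"
            for d in rules if d.action == "DROP"
            and b.uri == d.uri and b.priority < d.priority
            and ("ALL" in (b.method, d.method) or b.method == d.method)]

# Constructed sample rules, not taken from a real deployment
RULES = [
    Rule("bypass-monitor", 1, "BYPASS", "/login", "GET", "user-agent", r"^monitor/1\.0$"),
    Rule("record-long-user", 5, "RECORD", "/login", "POST", "body", r"user=[^&]{64,}"),
    Rule("drop-sqli", 10, "DROP", "/login", "ALL", "body", r"(?i)union\s+select"),
    Rule("drop-non-json", 20, "DROP", "/login", "POST", "content-type",
         r"^application/json", negate=True),
]
```

In this model a Pattern Not Match rule also fires when the location is absent from the request, and shadowed_drops lists each DROP rule that a higher-priority BYPASS rule on the same URI would prevent from being tested.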

[Figure: Firewall Rules]
[Figure: Firewall Rules - Conditions]