User-defined rules
Preface
The "User-defined rules" feature of the creoline WAF allows you to adapt the behavior of the WAF to your specific needs. Create your own rules to automatically allow or block requests based on various criteria.
Requirements
- creoline WAF
Definitions
Rule
A rule is a collection of so-called "or-groups" which, when fulfilled, result in a specific action. The action consists of either allowing, denying or forwarding to a JavaScript challenge of a request. The selected action is always applied if at least one OR group of the respective rule is fulfilled.
Or group
An Or-group is a collection of so-called "conditions".
An or-group is considered fulfilled if all conditions of the respective or-group occur simultaneously. If only some of the conditions of the or-group occur, it is not considered fulfilled. As a result, no action is triggered.
Conditions
A condition refers to a specific requirement that must be met.
Several conditions can also be linked together within an OR group in order to map complex requirements for the respective rule.
A condition is defined by a condition type, an operator and a value.
The following condition types are currently supported:
- ASN
- IP address
- Path
- User agent
- Country
- Continent
- Method
Rule management
Log in to your customer account at app.creoline.com and navigate to the menu item Web Application Firewall โ Name of your instance โ Custom Rules to configure or change your custom rules.
The WAF automatically updates the rule set of your instance after adding, editing or removing rules, or-groups or conditions.
It can take up to 60 seconds for changes to take effect.
Add
Click on Add rule in the top right-hand corner and specify a name, a description and the desired action to be performed when the rule takes effect.
By clicking on Add rule, the rule is created and an initial OR group is automatically created. You can add further OR groups by clicking on Add OR group.
Within an OR group, define the conditions that must be fulfilled for the OR group to take effect.
The OR group takes effect if all conditions of the OR group are fulfilled at the same time.
Edit rule
To edit a rule, click on the name of the rule to be edited.
By clicking on the pencil icon on the right-hand side, you can edit an OR group or the conditions within an OR group.
Remove rule
To remove a rule, click on the name of the rule to be edited, then on Settings โ Remove rule.
You can also click on the red trash can icon to remove only a specific OR group or a condition within an OR group.
Control objects
| Field | Example | Description |
|---|---|---|
| ASN | 205948 | Number of the ASN |
| IP address | 5.1.73.100 | IP address |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/146.0.0.0 Safari/537.36 | Full User-Agent |
| Country | DE | ISO-3166-Code Alpha 2 |
| Continent | EU | ISO code |
| Path | /admin | Full path with query |
| method | GET | HTTP method |
List of countries and continents
https://de.wikipedia.org/wiki/ISO-3166-1-Kodierliste