May 11 2023
Apr 18 2023
No one understands your traffic better than you. That’s why StackPath Web Application Firewall (SP// WAF) has always included the ability for users to create and manage custom rules for their WAF sites.
We’ve recently added more WAF rule options that give you even finer control over your traffic—tag-based and tag-generating rules. Let me tell you what they are and how they work. But first, let’s take a quick walk through the kinds of rules our WAF provides—Standard Policies, Custom Rules, and Advanced Rules.
All levels of SP// WAF (Essential, Professional, and Enterprise) let you protect your traffic with a comprehensive set of standard policies designed by our security analysts. They include protections from the OWASP Top 10 Threats, bot-protection, and more, and our team is constantly optimizing and adding to this list. And though they are standard, it’s still easy to toggle these policies on and off as you desire
Also available with all levels of SP// WAF is the ability to create your own rules with our easy-to-use Custom Rules Editor. Just choose and configure one or more trigger variables to the desired action.
Triggers | Actions |
---|---|
IP address | block traffic |
IP address range | allow traffic |
URL | require Captcha validation |
user agent | require JavaScript validation |
header | monitor traffic |
HTTP method | |
file extension | |
content type | |
country | |
organization |
Available only with SP// WAF Enterprise, our Advanced Rules lets you create sophisticated traffic triggers and actions using Common Expression Language (CEL), using the SP// WAF API. Advanced Rules is ideal for businesses with precise security needs and strong technical teams of their own.
But that wasn’t enough customizability, as far as we were concerned. We recently added to Custom Rules so that you can, you know, rule.
The Custom Rules Editor has a new trigger variable: “tag.” Our security team has curated a list of tags that SP// WAF automatically applies to traffic based on certain parameters. Just match a tag with an action. All levels of SP// WAF include selected number of tag-based Custom Rules.
SP// WAF Professional and SP// WAF Enterprise now can create rules that trigger a custom tag to be generated and applied to their requests. Those custom tags can then be used in tag-based rules; you’re not limited to the tags our team curates.
For the visual learners among us:
So, tag—you’re it. Give the new Custom Rules options a try and see how easy it can be to personalize the protection you give your web presence. In the meantime, we’ll keep coming up with more ideas that let you have your WAF your way.