Adding a Request Control Rule to a Web Application Firewall Policy

Add a request control rule to allow, check, and return HTTP requests to a web application firewall (WAF) policy.

Using the Console

  1. On the Policies list page, select the WAF policy that you want to add the rule to. If you need help finding the list page or the policy, see Listing Web Application Firewall Policies.
  2. On the WAF policy's details page, under Policy, select Access control.
  3. Under Access control, select Request control.
  4. Select Manage request control.
  5. In the Manage request control window, select Add access rule.
  6. In the Add rule panel, enter the following information:
    • Name: Enter a name for the access rule.

    • Conditions: Specify the prerequisite conditions that must be met for the rule action to occur.

    • Rule action: Select an existing rule to follow when the preceding conditions are met, or select Create new action to add one.
      • Pre-configured Check Action: Allows the running of rules and generates a log message documenting the result.
      • Pre-configured Allow Action: Skips all remaining rules in the current module.
      • Pre-configured 401 Response Code Action: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that's returned when this action is run.
        • Select Show header details to display the HTTP response headers specified in the selected Return HTTP response action.

        • Select Show response page body details to display the HTTP response body specified in the selected "Return HTTP response" action.

          For more information, see Actions for Web Application Firewalls.

  7. Select Add access rule.
  8. In the Manage request control window, select Save changes.