Actions
Actions to perform in response to traffic analysis

Overview
At various stages in the traffic filtering process, Link11 WAAP can execute an action according to the characteristics of the request. These actions are defined within Actions.
Out of the box, L11WAAP includes several default Actions for admins to select. Additional ones can also be defined.
Usage within applications and APIs
Actions are available at various stages of the traffic filtering process, e.g. Global Filters, Rate Limit Rules, ACL Profiles, and Content Filter Profiles.
As shown in the diagram below, different types of Actions can occur at various stages. An Action can terminate the processing of a request by blocking it, but other Actions (Skip, Challenge, and Monitor) are available as well, with different outcomes. See the description below of the Type parameter.

Administration
The main page lists all current Actions.
The administration (addition/deletion/editing/versioning) of Actions follows the conventions described here.
Components
An Action consists of the following:
The Type of the action
Additional Type-specific parameters
Tag(s) to attach to requests that triggered this action
General parameters for administration
Individual parameters

Name
A name for this Action, to be used within the interface.
Description
Information about this Action, for use within the interface.
Type
This parameter will be one of the values below.
Skip
Adds the tag(s) to the request, then skips the remainder of the traffic evaluation process (similar to the Bypass option in ACL Profiles). Note that any Response
phase Edge Functions will still be executed (as they are not part of the evaluation process).
Block
Adds the tag(s) to the request, and sends a response to the user with the defined Response headers, Status code, and Content.
Challenge
Adds the tag(s) to the request, and issues a bot challenge to verify that the user is human.
Interactive Challenge
Adds the tag(s) to the request, and issues an interactive challenge to verify that the user is human.
Monitor
Adds the tag(s) to the request, and continues to the next stage of traffic processing without responding to the user. Admins can also define Request headers to add to the request as it is passed upstream.
Prioritization
Sometimes Link11 WAAP must choose one of several potential Actions. For example, when a request matches the conditions for multiple Global Filters, each Filter will include an Action. The system must execute the highest-priority one.
The priority hierarchy is, from highest to lowest:
Skip
Block
Challenges (bot and/or interactive)
Monitor
Tags
A list of one or more tags, separated by spaces. When this Action is triggered, these tags will appear in the traffic logs.
Request headers (only available for monitor
Actions)
monitor
Actions)Additional header(s) to add to the request, which will be sent to the backend.
Status code (only available for block
Actions)
block
Actions)The status code returned to the user.
Response Headers (only available for block
Actions)
block
Actions)A list of header(s) to add to the response that is sent to the user, specified as the header name and its value. Example: content-type
and text/html
.
Content (only available for block
Actions)
block
Actions)The response sent to the user, of the appropriate format and type. Example: if there is a Request Header of content-type
and text/html
, then this should begin with <html>
and end with </html>
.
This field can contain tokens (preceded and followed by %
, as shown in the example below), to customize the response sent to the client:
Client_IP
The client's IP address
Timestamp
The request's timestamp
Status_Code
The HTTP status code being returned to the client
Host_Domain
Domain of the destination URL
Request_ID
A unique identifier for the request, used internally by Link11 WAAP (and which also appears in the Events Log)
Session_ID
A unique identifier for the client's session, used internally by Link11 WAAP (and which also appears in the Events Log)
By default, Link11 WAAP comes with a rich HTML page, as shown in the screenshot above.
Here's an example of the Content for a simpler token-based response:
Access Denied
Request was:
received at %Timestamp%
from IP address %Client_IP%
sent to %Host_Domain%
and was answered with response code %Status_Code%.
Last updated
Was this helpful?