# Actions
## Overview
At various stages in the traffic filtering process, Link11 WAAP can execute an action according to the characteristics of the request. These actions are defined within **Actions**.
Out of the box, L11WAAP includes several default Actions for admins to select. Additional ones can also be defined.
## Usage within applications and APIs
Actions are available at various stages of the [traffic filtering process](https://waap.docs.link11.com/how-link11-waap-works/traffic-filtering-process), e.g. [Global Filters](https://waap.docs.link11.com/console-walkthrough/security/global-filters), [Rate Limit Rules](https://waap.docs.link11.com/console-walkthrough/security/rate-limit-rules), [ACL Profiles](https://waap.docs.link11.com/console-walkthrough/security/acl-policies), and [Content Filter Profiles](https://waap.docs.link11.com/console-walkthrough/security/content-filter/profiles).
As shown in the diagram below, different types of Actions can occur at various stages. An Action can terminate the processing of a request by blocking it, but other Actions (Skip, Challenge, and Monitor) are available as well, with different outcomes. See the description below of the [Type parameter](#type).
## Administration
The main page lists all current Actions.
The administration (addition/deletion/editing/versioning) of Actions follows the conventions described [here](https://waap.docs.link11.com/how-link11-waap-works/ui-overview-and-common-elements#configuration-and-administration).
## Components
An Action consists of the following:
* The *Type* of the action
* Additional *Type*-specific parameters
* *Tag(s)* to attach to requests that triggered this action
* General parameters for administration
## Individual parameters
### Name
A name for this Action, to be used within the interface.
### Description
Information about this Action, for use within the interface.
### Type
This parameter will be one of the values below.
| Setting | Effect |
| ------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Skip** | Adds the tag(s) to the request, then skips the remainder of the traffic evaluation process (similar to the *Bypass* option in [ACL Profiles](https://waap.docs.link11.com/console-walkthrough/acl-policies#action-lists-and-some-typical-applications)). Note that any `Response` phase [Edge Functions](https://waap.docs.link11.com/console-walkthrough/sites/edge-functions) will still be executed (as they are not part of the evaluation process). |
| **Block** | Adds the tag(s) to the request, and sends a response to the user with the defined *Response headers*, *Status code*, and *Content*. |
| **Challenge** | Adds the tag(s) to the request, and issues a [bot challenge](https://waap.docs.link11.com/reference-information/hostile-bot-detection-lwcsi) to verify that the user is human. |
| **Interactive Challenge** | Adds the tag(s) to the request, and issues an [interactive challenge](https://waap.docs.link11.com/console-walkthrough/system/interactive-challenge) to verify that the user is human. |
| **Monitor** | Adds the tag(s) to the request, and continues to the next stage of [traffic processing](https://waap.docs.link11.com/how-link11-waap-works/traffic-filtering-process) without responding to the user. Admins can also define *Request headers* to add to the request as it is passed upstream. |
#### Prioritization
Sometimes Link11 WAAP must choose one of several potential Actions. For example, when a request matches the conditions for multiple [Global Filters](https://waap.docs.link11.com/console-walkthrough/security/global-filters), each Filter will include an Action. The system must execute the highest-priority one.
The priority hierarchy is, from highest to lowest:
* Skip
* Block
* Challenges (bot and/or interactive)
* Monitor
### Tags
A list of one or more tags, separated by spaces. When this Action is triggered, these tags will appear in the traffic logs.
### Request headers (only available for `monitor` Actions)
Additional header(s) to add to the request, which will be sent to the backend.
### Status code (only available for `block` Actions)
The status code returned to the user.
### Response Headers (only available for `block` Actions)
A list of header(s) to add to the response that is sent to the user, specified as the header name and its value. Example: `content-type` and `text/html`.
### Content (only available for `block` Actions)
The response sent to the user, of the appropriate format and type. Example: if there is a Request Header of `content-type` and `text/html`, then this should begin with `` and end with ``.
This field can contain tokens (preceded and followed by `%`, as shown in the example below), to customize the response sent to the client:
| Token | Comment |
| ------------ | ----------------------------------------------------------------------------------------------------------------------- |
| Client\_IP | The client's IP address |
| Timestamp | The request's timestamp |
| Status\_Code | The HTTP status code being returned to the client |
| Host\_Domain | Domain of the destination URL |
| Request\_ID | A unique identifier for the request, used internally by Link11 WAAP (and which also appears in the Events Log) |
| Session\_ID | A unique identifier for the client's session, used internally by Link11 WAAP (and which also appears in the Events Log) |
By default, Link11 WAAP comes with a rich HTML page, as shown in the screenshot above.
Here's an example of the *Content* for a simpler token-based response:
```
Access Denied
Request was:
received at %Timestamp%
from IP address %Client_IP%
sent to %Host_Domain%
and was answered with response code %Status_Code%.
```
