# Actions
## Overview
At various stages in the traffic filtering process, Link11 WAAP can execute an action according to the characteristics of the request. These actions are defined within **Actions**.
Out of the box, L11WAAP includes several default Actions for admins to select. Additional ones can also be defined.
## Usage within applications and APIs
Actions are available at various stages of the [traffic filtering process](/how-link11-waap-works/traffic-filtering-process.md), e.g. [Global Filters](/console-walkthrough/security/global-filters.md), [Rate Limit Rules](/console-walkthrough/security/rate-limit-rules.md), [ACL Profiles](/console-walkthrough/security/acl-policies.md), and [Content Filter Profiles](/console-walkthrough/security/content-filter/profiles.md).
As shown in the diagram below, different types of Actions can occur at various stages. An Action can terminate the processing of a request by blocking it, but other Actions (Skip, Challenge, and Monitor) are available as well, with different outcomes. See the description below of the [Type parameter](/console-walkthrough/security/actions.md#type).
## Administration
The main page lists all current Actions.
The administration (addition/deletion/editing/versioning) of Actions follows the conventions described [here](/how-link11-waap-works/ui-overview-and-common-elements.md#configuration-and-administration).
## Components
An Action consists of the following:
* The *Type* of the action
* Additional *Type*-specific parameters
* *Tag(s)* to attach to requests that triggered this action
* General parameters for administration
## Individual parameters
### Name
A name for this Action, to be used within the interface.
### Description
Information about this Action, for use within the interface.
### Type
This parameter will be one of the values below.
| Setting | Effect |
| ------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Skip** | Adds the tag(s) to the request, then skips the remainder of the traffic evaluation process (similar to the *Bypass* option in [ACL Profiles](/console-walkthrough/security/acl-policies.md#action-lists-and-some-typical-applications)). Note that any `Response` phase [Edge Functions](/console-walkthrough/sites/edge-functions.md) will still be executed (as they are not part of the evaluation process). |
| **Block** | Adds the tag(s) to the request, and sends a response to the user with the defined *Response headers*, *Status code*, and *Content*. |
| **Challenge** | Adds the tag(s) to the request, and issues a [bot challenge](/reference-information/hostile-bot-detection-lwcsi.md) to verify that the user is human. |
| **Interactive Challenge** | Adds the tag(s) to the request, and issues an [interactive challenge](/console-walkthrough/system/interactive-challenge.md) to verify that the user is human. |
| **Monitor** | Adds the tag(s) to the request, and continues to the next stage of [traffic processing](/how-link11-waap-works/traffic-filtering-process.md) without responding to the user. Admins can also define *Request headers* to add to the request as it is passed upstream. |
#### Prioritization
Sometimes Link11 WAAP must choose one of several potential Actions. For example, when a request matches the conditions for multiple [Global Filters](/console-walkthrough/security/global-filters.md), each Filter will include an Action. The system must execute the highest-priority one.
The priority hierarchy is, from highest to lowest:
* Skip
* Block
* Challenges (bot and/or interactive)
* Monitor
### Tags
A list of one or more tags, separated by spaces. When this Action is triggered, these tags will appear in the traffic logs.
### Request headers (only available for `monitor` Actions)
Additional header(s) to add to the request, which will be sent to the backend.
### Status code (only available for `block` Actions)
The status code returned to the user.
### Response Headers (only available for `block` Actions)
A list of header(s) to add to the response that is sent to the user, specified as the header name and its value. Example: `content-type` and `text/html`.
### Content (only available for `block` Actions)
The response sent to the user, of the appropriate format and type. Example: if there is a Request Header of `content-type` and `text/html`, then this should begin with `` and end with ``.
This field can contain tokens (preceded and followed by `%`, as shown in the example below), to customize the response sent to the client:
| Token | Comment |
| ------------ | ----------------------------------------------------------------------------------------------------------------------- |
| Client\_IP | The client's IP address |
| Timestamp | The request's timestamp |
| Status\_Code | The HTTP status code being returned to the client |
| Host\_Domain | Domain of the destination URL |
| Request\_ID | A unique identifier for the request, used internally by Link11 WAAP (and which also appears in the Events Log) |
| Session\_ID | A unique identifier for the client's session, used internally by Link11 WAAP (and which also appears in the Events Log) |
By default, Link11 WAAP comes with a rich HTML page, as shown in the screenshot above.
Here's an example of the *Content* for a simpler token-based response:
```
Access Denied
Request was:
received at %Timestamp%
from IP address %Client_IP%
sent to %Host_Domain%
and was answered with response code %Status_Code%.
```
---
# Agent Instructions: Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.
Perform an HTTP GET request on the current page URL with the `ask` query parameter:
```
GET https://waap.docs.link11.com/console-walkthrough/security/actions.md?ask=
```
The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.
Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.