Actions

Actions to perform in response to traffic analysis

Overview

At various stages in the traffic filtering process, Link11 WAAP can execute an action according to the characteristics of the request. These actions are defined within Actions.

Out of the box, L11WAAP includes several default Actions for admins to select. Additional ones can also be defined.

Usage within applications and APIs

Actions are available at various stages of the traffic filtering process, e.g. Global Filters, Rate Limit Rules, ACL Profiles, and Content Filter Profiles.

As shown in the diagram below, different types of Actions can occur at various stages. An Action can terminate the processing of a request by blocking it, but other Actions (Skip, Challenge, and Monitor) are available as well, with different outcomes. See the description below of the Type parameter.

Administration

The main page lists all current Actions.

The administration (addition/deletion/editing/versioning) of Actions follows the conventions described here.

Components

An Action consists of the following:

  • The Type of the action

  • Additional Type-specific parameters

  • Tag(s) to attach to requests that triggered this action

  • General parameters for administration

Individual parameters

Name

A name for this Action, to be used within the interface.

Description

Information about this Action, for use within the interface.

Type

This parameter will be one of the values below.

Setting
Effect

Skip

Adds the tag(s) to the request, then skips the remainder of the traffic evaluation process (similar to the Bypass option in ACL Profiles). Note that any Response phase Edge Functions will still be executed (as they are not part of the evaluation process).

Block

Adds the tag(s) to the request, and sends a response to the user with the defined Response headers, Status code, and Content.

Challenge

Adds the tag(s) to the request, and issues a bot challenge to verify that the user is human.

Interactive Challenge

Adds the tag(s) to the request, and issues an interactive challenge to verify that the user is human.

Monitor

Adds the tag(s) to the request, and continues to the next stage of traffic processing without responding to the user. Admins can also define Request headers to add to the request as it is passed upstream.

Prioritization

Sometimes Link11 WAAP must choose one of several potential Actions. For example, when a request matches the conditions for multiple Global Filters, each Filter will include an Action. The system must execute the highest-priority one.

The priority hierarchy is, from highest to lowest:

  • Skip

  • Block

  • Challenges (bot and/or interactive)

  • Monitor

Tags

A list of one or more tags, separated by spaces. When this Action is triggered, these tags will appear in the traffic logs.

Request headers (only available for monitor Actions)

Additional header(s) to add to the request, which will be sent to the backend.

Status code (only available for block Actions)

The status code returned to the user.

Response Headers (only available for block Actions)

A list of header(s) to add to the response that is sent to the user, specified as the header name and its value. Example: content-type and text/html.

Content (only available for block Actions)

The response sent to the user, of the appropriate format and type. Example: if there is a Request Header of content-type and text/html, then this should begin with <html> and end with </html>.

This field can contain tokens (preceded and followed by %, as shown in the example below), to customize the response sent to the client:

Token
Comment

Client_IP

The client's IP address

Timestamp

The request's timestamp

Status_Code

The HTTP status code being returned to the client

Host_Domain

Domain of the destination URL

Request_ID

A unique identifier for the request, used internally by Link11 WAAP (and which also appears in the Events Log)

Session_ID

A unique identifier for the client's session, used internally by Link11 WAAP (and which also appears in the Events Log)

By default, Link11 WAAP comes with a rich HTML page, as shown in the screenshot above.

Here's an example of the Content for a simpler token-based response:

Access Denied

Request was:
received at %Timestamp%
from IP address %Client_IP%
sent to %Host_Domain%
and was answered with response code %Status_Code%.
PreviousACL ProfilesNextDynamic Rules

Last updated

Was this helpful?