Link11 WAAP
v5
v5
  • Link11 WAAP Documentation
  • Release Notes
  • Known Issues
  • User Guide
    • Introduction to Link11 WAAP
  • How Link11 WAAP Works
    • Traffic Filtering Process
    • Traffic Reporting and Analytics
    • Policy Mapping and Traffic Routing
    • Tagging
    • UI Overview and Common Elements
  • Console UI Walkthrough
    • Analytics
      • Dashboard
      • Events Log
    • Security
      • Global Filters
      • Flow Control Policies
      • Security Policies
      • Rate Limit Rules
      • ACL Profiles
      • Actions
      • Dynamic Rules
      • Quarantined
      • Content Filter
        • Content Filter Profiles
        • Content Filter Rules
    • Sites
      • Server Groups
      • Proxy Templates
      • Mobile Application Groups
      • Backend Services
      • Edge Functions
      • DNS Records
      • SSL
        • Load Balancers
        • Certificates
    • System
      • Interactive Challenge
      • SSO Configuration
      • Purge CDN Cache
      • Users Management
      • Security Alerts
      • Log Exporters
      • Version Control
      • System DB
      • Publish Changes
    • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Authenticate mobile app users
      • Ban, unban, and allowlist traffic sources
      • Bypass Link11 WAAP for loadtesting or other purposes
      • Configure a new path/section of a site
      • Control caching behavior
      • Customize responses to clients
      • Defer argument retrieval in the Events Log
      • Enable GraphQL traffic
      • Enable mTLS (mutual TLS)
      • Generate or renew my own SSL certificates
      • Protect sensitive information in logs and analytics
      • Quickly block an attacker
      • Redirect or block HTTP traffic
      • Run custom code
      • Set rate limits and exemptions
      • Stream event data to a SIEM solution or other destination
    • The Link11 WAAP API
      • Overview
      • Internal data structures
      • Using Swagger UI
      • Using curl
  • Reference Information
    • Acronyms
    • API
      • API access to traffic data
      • Types of namespaces
      • Namespace reference
        • ACL Profiles
        • Actions
        • Backend Services
        • Certificates
        • Configs
        • Content Filter Profiles
        • Content Filter Rules
        • Data queries
        • Dynamic Rules
        • Edge Functions
        • Flow Control Policies
        • Global Filters
        • Load Balancers
        • Log Exporters
        • Mobile Application Groups
        • Planets
        • Proxy Templates
        • Rate Limit Rules
        • Security Alerts
        • Security Policies
        • Server Groups
        • Tags
        • Tools
        • Users
    • Hostile Bot Detection / LWCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Log Exporter Output
    • Pattern Matching Syntax
    • Query Filter Syntax and Best Practices
  • Support
Powered by GitBook
On this page
  • Overview
  • Usage within applications and APIs
  • Administration
  • Components
  • Individual parameters
  • Name
  • Description
  • Type
  • Tags
  • Request headers (only available for monitor Actions)
  • Status code (only available for block Actions)
  • Response Headers (only available for block Actions)
  • Content (only available for block Actions)

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. Security

Actions

Actions to perform in response to traffic analysis

PreviousACL ProfilesNextDynamic Rules

Last updated 14 hours ago

Was this helpful?

Overview

At various stages in the traffic filtering process, Link11 WAAP can execute an action according to the characteristics of the request. These actions are defined within Actions.

Out of the box, L11WAAP includes several default Actions for admins to select. Additional ones can also be defined.

Usage within applications and APIs

Administration

The main page lists all current Actions.

Components

An Action consists of the following:

  • The Type of the action

  • Additional Type-specific parameters

  • Tag(s) to attach to requests that triggered this action

  • General parameters for administration

Individual parameters

Name

A name for this Action, to be used within the interface.

Description

Information about this Action, for use within the interface.

Type

This parameter will be one of the values below.

Setting
Effect

Skip

Block

Adds the tag(s) to the request, and sends a response to the user with the defined Response headers, Status code, and Content.

Challenge

Interactive Challenge

Monitor

Prioritization

The priority hierarchy is, from highest to lowest:

  • Skip

  • Block

  • Challenges (bot and/or interactive)

  • Monitor

Tags

A list of one or more tags, separated by spaces. When this Action is triggered, these tags will appear in the traffic logs.

Request headers (only available for monitor Actions)

Additional header(s) to add to the request, which will be sent to the backend.

Status code (only available for block Actions)

The status code returned to the user.

Response Headers (only available for block Actions)

A list of header(s) to add to the response that is sent to the user, specified as the header name and its value. Example: content-type and text/html.

Content (only available for block Actions)

The response sent to the user, of the appropriate format and type. Example: if there is a Request Header of content-type and text/html, then this should begin with <html> and end with </html>.

This field can contain tokens (preceded and followed by %, as shown in the example below), to customize the response sent to the client:

Token
Comment

Client_IP

The client's IP address

Timestamp

The request's timestamp

Status_Code

The HTTP status code being returned to the client

Host_Domain

Domain of the destination URL

Request_ID

A unique identifier for the request, used internally by Link11 WAAP (and which also appears in the Events Log)

Session_ID

A unique identifier for the client's session, used internally by Link11 WAAP (and which also appears in the Events Log)

By default, Link11 WAAP comes with a rich HTML page, as shown in the screenshot above.

Here's an example of the Content for a simpler token-based response:

Access Denied

Request was:
received at %Timestamp%
from IP address %Client_IP%
sent to %Host_Domain%
and was answered with response code %Status_Code%.

Actions are available at various stages of the , e.g. , , , and .

As shown in the diagram below, different types of Actions can occur at various stages. An Action can terminate the processing of a request by blocking it, but other Actions (Skip, Challenge, and Monitor) are available as well, with different outcomes. See the description below of the .

The administration (addition/deletion/editing/versioning) of Actions follows the conventions described .

Adds the tag(s) to the request, then skips the remainder of the traffic evaluation process (similar to the Bypass option in ). Note that any Response phase will still be executed (as they are not part of the evaluation process).

Adds the tag(s) to the request, and issues a to verify that the user is human.

Adds the tag(s) to the request, and issues an to verify that the user is human.

Adds the tag(s) to the request, and continues to the next stage of without responding to the user. Admins can also define Request headers to add to the request as it is passed upstream.

Sometimes Link11 WAAP must choose one of several potential Actions. For example, when a request matches the conditions for multiple , each Filter will include an Action. The system must execute the highest-priority one.

traffic filtering process
Global Filters
Rate Limit Rules
ACL Profiles
Content Filter Profiles
Type parameter
here
Global Filters
ACL Profiles
Edge Functions
bot challenge
interactive challenge
traffic processing