Link11 WAAP
v5

Quarantined

Display and manage the list of quarantined traffic sources


Last updated 2 months ago


Overview

The Quarantined List page shows a list of traffic sources that have triggered one or more Dynamic Rules. While a traffic source is on this list, Link11 WAAP responds to all of its requests automatically with the Dynamic Rule's Action.

Administration and Use

Viewing quarantines

Each quarantined traffic source will have an entry in the list. Long lists will be broken up across multiple pages, which can be navigated using the controls at the bottom of the page.

The overall list can be sorted according to the values in each column by using the Filter control at the top.

Cancelling quarantines and preventing False Positives

Traffic sources will be automatically removed from the Quarantine list when their quarantines have expired.

They can also be manually deleted. In the UI, this is done by selecting the trash icon at the end of an entry in the Quarantined List.

"Manual deletion" refers to deletion by an admin through either the UI or the API. Both methods produce the same results, as described below.

When a traffic source is manually deleted from the list, L11WAAP understands this to mean that the quarantine was a False Positive.

Therefore, when the next cycle of Dynamic Rule evaluation occurs, the Rule's corresponding Global Filter will be updated by removing the traffic source from its Rule list. Subsequent requests from that traffic source will not automatically receive the Rule's Tags and Action, unless/until that traffic source violates the Dynamic Rule again.

To exempt the traffic source from further Dynamic Rule enforcement, an admin should add appropriate tag(s) to the Dynamic Rule's Exclude list.

If L11WAAP has quarantined a traffic source and you wish to reverse this decision, the procedure above (editing the Quarantine list) should be performed. L11WAAP will update the corresponding Dynamic Rule and Global Filter automatically. Do not try to accomplish this by editing the Global Filter itself (which is non-editable in the UI, but could still be changed via API). Manually editing the Global Filter will not work; the next time Dynamic Rules are evaluated, the system will take everything that's currently quarantined and add it back to the Global Filter.
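The behavior described above can be reasoned about with a small model. This is an added example, not Link11 WAAP code or its API: the class, method names, tag name, threshold and durations are hypothetical, and the only assumption is the one stated above, that each evaluation cycle regenerates the Global Filter from the current quarantine list.

```python
"""Toy model of the quarantine / Global Filter relationship (not Link11 WAAP code).
Class, method and tag names are hypothetical; values are constructed samples."""

class DynamicRuleModel:
    def __init__(self, threshold, ttl):
        self.threshold = threshold   # violations per cycle that trigger a quarantine
        self.ttl = ttl               # quarantine duration in seconds
        self.exclude_tags = set()    # models the Dynamic Rule's Exclude list
        self.quarantined = {}        # source -> expiry time (the Quarantined List)
        self.global_filter = set()   # derived list that applies Tags and Action

    def evaluate(self, now, violations, tags_by_source=None):
        """One evaluation cycle: expire, quarantine violators, rebuild the filter."""
        tags_by_source = tags_by_source or {}
        self.quarantined = {s: exp for s, exp in self.quarantined.items() if exp > now}
        for source, count in violations.items():
            if tags_by_source.get(source, set()) & self.exclude_tags:
                continue             # excluded sources are never quarantined
            if count >= self.threshold:
                self.quarantined[source] = now + self.ttl
        # The filter is regenerated from the quarantine list, so direct edits are lost.
        self.global_filter = set(self.quarantined)

    def delete_quarantine(self, source):
        """Manual deletion (UI or API): treated as a False Positive."""
        self.quarantined.pop(source, None)

def demo():
    rule, src = DynamicRuleModel(threshold=3, ttl=600), "198.51.100.7"
    out = {}
    rule.evaluate(0, {src: 5})
    out["quarantined"] = src in rule.global_filter
    rule.global_filter.discard(src)           # wrong: edit the derived filter
    rule.evaluate(60, {})
    out["after_filter_edit"] = src in rule.global_filter
    rule.delete_quarantine(src)               # right: delete the quarantine entry
    rule.evaluate(120, {})
    out["after_quarantine_delete"] = src in rule.global_filter
    rule.evaluate(180, {src: 4})              # violates again: quarantined again
    out["after_new_violation"] = src in rule.global_filter
    rule.delete_quarantine(src)
    rule.exclude_tags.add("trusted-partner")  # exempt via the Exclude list
    rule.evaluate(240, {src: 9}, {src: {"trusted-partner"}})
    out["after_exclude_tag"] = src in rule.global_filter
    return out

if __name__ == "__main__":
    print(demo())
```

In the model, only deleting the quarantine entry (and, for a lasting exemption, adding an Exclude tag) keeps the source out of the filter; the direct filter edit is undone at the next cycle.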

Quarantining is often used to ban a persistent violator of other security rulesets, but it can also be used merely to monitor a traffic source for a period of time. An explanation of the quarantining process is here.