Link11 WAAP
v5
v5
  • Link11 WAAP Documentation
  • Release Notes
  • Known Issues
  • User Guide
    • Introduction to Link11 WAAP
  • How Link11 WAAP Works
    • Traffic Filtering Process
    • Traffic Reporting and Analytics
    • Policy Mapping and Traffic Routing
    • Tagging
    • UI Overview and Common Elements
  • Console UI Walkthrough
    • Analytics
      • Dashboard
      • Events Log
    • Security
      • Global Filters
      • Flow Control Policies
      • Security Policies
      • Rate Limit Rules
      • ACL Profiles
      • Actions
      • Dynamic Rules
      • Quarantined
      • Content Filter
        • Content Filter Profiles
        • Content Filter Rules
    • Sites
      • Server Groups
      • Proxy Templates
      • Mobile Application Groups
      • Backend Services
      • Edge Functions
      • DNS Records
      • SSL
        • Load Balancers
        • Certificates
    • System
      • Interactive Challenge
      • SSO Configuration
      • Purge CDN Cache
      • Users Management
      • Security Alerts
      • Log Exporters
      • Version Control
      • System DB
      • Publish Changes
    • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Authenticate mobile app users
      • Ban, unban, and allowlist traffic sources
      • Bypass Link11 WAAP for loadtesting or other purposes
      • Configure a new path/section of a site
      • Control caching behavior
      • Enable GraphQL traffic
      • Enable mTLS (mutual TLS)
      • Protect sensitive information in logs and analytics
      • Quickly block an attacker
      • Redirect or block HTTP traffic
      • Run custom code
      • Set rate limits and exemptions
      • Stream event data to a SIEM solution or other destination
    • The Link11 WAAP API
      • Overview
      • Internal data structures
      • Using Swagger UI
      • Using curl
  • Reference Information
    • Acronyms
    • API
      • API access to traffic data
      • Types of namespaces
      • Namespace reference
        • ACL Profiles
        • Actions
        • Backend Services
        • Certificates
        • Configs
        • Content Filter Profiles
        • Content Filter Rules
        • Data queries
        • Dynamic Rules
        • Edge Functions
        • Flow Control Policies
        • Global Filters
        • Load Balancers
        • Log Exporters
        • Mobile Application Groups
        • Planets
        • Proxy Templates
        • Rate Limit Rules
        • Security Alerts
        • Security Policies
        • Server Groups
        • Tags
        • Tools
        • Users
    • Hostile Bot Detection / LWCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Log Exporter Output
    • Pattern Matching Syntax
    • Query Filter Syntax and Best Practices
  • Support
Powered by GitBook
On this page
  • Initial Configuration
  • Configuring the Action
  • Configuring the Rule list
  • Configuring the Scope
  • Saving and Publishing

Was this helpful?

Export as PDF
  1. Using the product
  2. How Do I...

Redirect or block HTTP traffic

Under most circumstances, a session over unencrypted HTTP should not be accepted. Using Link11 WAAP, admins can refuse HTTP requests by either:

PreviousQuickly block an attackerNextRun custom code

Last updated 1 year ago

Was this helpful?

  • Redirecting them to HTTPS

  • Or simply blocking them.

Admins must also choose whether to refuse HTTP traffic:

  • Globally, throughout the entire planet, or

  • Selectively, to certain paths within the planet.

This can all be done with a single .

Initial Configuration

Create a Global Filter with these parameters:

  • Name and Description: as desired

  • Active mode: enabled

  • Source: self-managed

  • Tags: as desired, perhaps something descriptive such as http-received

Configuring the Action

The Global Filter's Action setting determines what will happen to the request.

To block the request completely, choose a blocking Action (perhaps the default Global filter block Action).

To redirect the HTTP request to HTTPS, you can select the default https redirect Action (shown below). If you choose to edit this Action or use a different one, ensure that the selected Action has the same Status code, and the same setting for the location header.

Configuring the Rule list

Within the Rule list, select +New Entry. Populate the new entry with:

  • Category set toTag

  • Match set toprotocol:http

  • Whatever Annotation you wish.

At this point, the Global Filter should look something like this:

Configuring the Scope

By following the steps above, you have a Global Filter that will block or redirect HTTP traffic globally, throughout the entire planet.

If instead you only want to apply this Global Filter to certain paths within the planet, you must create one or more additional entries in the Rule list. Each should have:

  • Category set toPath

  • Match set to a regex describing the path

  • Whatever Annotation you wish.

Create as many entries as necessary to include all the desired paths.

Note that these entries should all be within the same section as the first Tag entry. (If instead you selected +New section, and the entries are now in separate sections, ensure that the relation between them is set to Relation: AND.)

Saving and Publishing

When you have completed the steps above, the Global Filter has been created.

If this was your goal, skip down to the steps below.

Select Save, and then .

Global Filter
publish the changes
Saving and Publishing