# Security Section Concepts When Reblaze receives an incoming request, it decides whether to pass the request through to the upstream server, or block it. This decision-making is done in several stages. ![](/files/-Ly4f1p4X28-tHmf5zOq) | Stage | Comments | | --------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | **Quarantines and Dynamic Rules** | Traffic from requestors that are currently on the [Banlist](/v2.12.0/product-walkthrough/security/quarantined.md#banlist) or [Blacklist](/v2.12.0/product-walkthrough/security/quarantined.md#blacklist) is blocked. Other requestors are evaluated for potential addition to the Banlist using [Dynamic Rules](/v2.12.0/product-walkthrough/security/dynamic-rules.md). | | **Static Rules and Rate Limits** | Requests that do not conform to specified size, time, and rate limits are blocked. More information: [Static Rules](/v2.12.0/product-walkthrough/security/static-rules.md) | | **ACLs** | Filtering based on [Access Control Lists](/v2.12.0/product-walkthrough/security/profiles/acl-policies.md), including [Custom Signatures](/v2.12.0/product-walkthrough/security/profiles/acl-policies.md#custom-signature). | | **Rate Limits** | Enforces rate limits defined for specific locations/resources within the planet. More information: [Setting Rate Limits for a Location](/v2.12.0/product-walkthrough/settings/web-proxy/security-profiles.md#setting-rate-limits-for-a-location). | | **Challenges** | Verifies that requests are coming from humans. More information: [The Challenge Process](/v2.12.0/product-walkthrough/reblaze-traffic/traffic-concepts.md#the-challenge-process). | | **Content Filtering** | Blocks requests that do not conform to specified rulesets for required or disallowed content. This is the location-based filtering described in [Filtering on Content](/v2.12.0/using-the-product/how-do-i.../filter-by-content.md). | | **Argument Analysis** | Examination of characters in arguments. Possible results are to exempt a request from WAF filtering, to send the request to the WAF for inspection, or to block the request. More info: [Args Analysis](/v2.12.0/product-walkthrough/security/args-analysis.md). | | **WAF/IPS Policies** | Blocks requests that do not conform to the [WAF/IPS Policy](/v2.12.0/product-walkthrough/security/profiles/waf-ips-policies.md) settings. | Some of the criteria for the decisions are global. In other words, they apply throughout your entire planet. For example, the settings in the [Static Rules](/v2.12.0/product-walkthrough/security/static-rules.md) section are globally applicable, and do not change depending on the context of the request. They will be applied to all traffic for all resources within your planet. Conversely, some criteria are non-global, and they do depend on the context. For example, you can assign different security rulesets for different resources or locations within your planet. In other words, you can assign different rules to specific domains, subdomains, folders, filetypes, etc. These non-global criteria are primarily defined within the [Profiles](/v2.12.0/product-walkthrough/security/profiles.md) section. They have their own structure, explained in more detail in that section of this Manual (see especially the [Profile Concepts](/v2.12.0/product-walkthrough/security/profiles/profile-concepts.md) page). Once Profiles are defined, they are available to be assigned to specific resources/locations within your planet. Those assignments are done in the [Settings->Web Proxy->Security Profiles](/v2.12.0/product-walkthrough/settings/web-proxy.md) section. --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://waap.docs.link11.com/v2.12.0/product-walkthrough/security/concepts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.