Link11 WAAP
v2.12
v2.12
  • Link11 WAAP v2.12 Portal
  • Introduction
  • Getting Started
  • Setup Checklists
  • Marketplace onboarding
  • Console UI Walkthrough
    • Traffic
      • Traffic Concepts
      • Dashboard
      • View Log
    • Security
      • Security Section Concepts
      • Static Rules
      • Dynamic Rules
      • Quarantined
      • Profiles
        • Profile Concepts
        • Profiles
        • ACL Policies
        • WAF/IPS Policies
        • Custom Signature
      • Args Analysis
    • Settings
      • Web Proxy
        • General Settings
        • Application Profiles
        • Security Profiles
      • SSL Management
      • DNS
      • Planet Overview
      • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Using the Reblaze Query Box
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Ban, Unban, and Whitelist Traffic Sources
      • Bypass Rate Limits for Loadtesting
      • Control Caching Behavior
      • Filter by Content
      • Quickly Block an Attacker
      • Secure Traffic from a Third-Party Page
      • Set Rate Limits
      • Set up SIEM/SOC integration
      • Video Tutorials
        • DNS Training
        • SSL Training
    • API
      • Reblaze REST API
      • Mobile SDK
  • Reference Information
    • Access log-structure
    • Acronyms
    • Deployment Terminology
    • Hostile Bot Detection / RCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Pattern Matching Syntax
    • Signatures
    • TTL Expression Syntax
  • Support
Powered by GitBook
On this page

Was this helpful?

Export as PDF
  1. Console UI Walkthrough
  2. Security

Security Section Concepts

How Reblaze scrubs incoming traffic

PreviousSecurityNextStatic Rules

Last updated 4 years ago

Was this helpful?

When Reblaze receives an incoming request, it decides whether to pass the request through to the upstream server, or block it.

This decision-making is done in several stages.

Stage

Comments

Quarantines and Dynamic Rules

Static Rules and Rate Limits

ACLs

Rate Limits

Challenges

Content Filtering

Argument Analysis

WAF/IPS Policies

Conversely, some criteria are non-global, and they do depend on the context. For example, you can assign different security rulesets for different resources or locations within your planet. In other words, you can assign different rules to specific domains, subdomains, folders, filetypes, etc.

Traffic from requestors that are currently on the or is blocked. Other requestors are evaluated for potential addition to the Banlist using .

Requests that do not conform to specified size, time, and rate limits are blocked. More information:

Filtering based on , including .

Enforces rate limits defined for specific locations/resources within the planet. More information: .

Verifies that requests are coming from humans. More information: .

Blocks requests that do not conform to specified rulesets for required or disallowed content. This is the location-based filtering described in .

Examination of characters in arguments. Possible results are to exempt a request from WAF filtering, to send the request to the WAF for inspection, or to block the request. More info: .

Blocks requests that do not conform to the settings.

Some of the criteria for the decisions are global. In other words, they apply throughout your entire planet. For example, the settings in the section are globally applicable, and do not change depending on the context of the request. They will be applied to all traffic for all resources within your planet.

These non-global criteria are primarily defined within the section. They have their own structure, explained in more detail in that section of this Manual (see especially the page).

Once Profiles are defined, they are available to be assigned to specific resources/locations within your planet. Those assignments are done in the section.

Static Rules
Profiles
Profile Concepts
Settings->Web Proxy->Security Profiles
Static Rules
Filtering on Content
Args Analysis
WAF/IPS Policy
Dynamic Rules
Access Control Lists
Banlist
Blacklist
Setting Rate Limits for a Location
Custom Signatures
The Challenge Process