Link11 WAAP
v2.16
v2.16
  • Link11 WAAP v2.16 Portal
  • Introduction
  • Getting Started
  • Setup Checklists
  • Marketplace onboarding
  • Console UI Walkthrough
    • General UI flow
    • Traffic
      • Traffic Concepts
      • Dashboard
      • View Log
    • Security
      • Security Section Concepts
      • Dynamic Rules
      • Quarantined
      • Profiles
        • Profile Concepts
        • Profiles
        • ACL Policies
        • WAF/IPS Policies
        • Custom Signature
      • Args Analysis
      • Tag Rules
      • Rate Limiting
      • Cloud Functions
    • Settings
      • Web Proxy
      • Backend Services
      • Error Pages
      • SSL
      • DNS
      • Planet Overview
      • Account
  • Using the product
    • Best Practices
      • Saving and Publishing Your Changes
      • Enabling Passive Challenges
      • Using the Reblaze Query Box
      • Understanding and Diagnosing Traffic Issues
    • How Do I...
      • Ban, Unban, and Whitelist Traffic Sources
      • Bypass Rate Limits for Loadtesting
      • Control Caching Behavior
      • Filter by Content
      • Quickly Block an Attacker
      • Secure Traffic from a Third-Party Page
      • Set Rate Limits and Exemptions
      • Set up SIEM/SOC integration
      • Video Tutorials
        • DNS Training
    • API
      • Reblaze REST API
      • Mobile SDK
  • Reference Information
    • Access log-structure
    • Acronyms
    • Deployment Terminology
    • Hostile Bot Detection / RCSI
      • Environmental detection and browser verification
      • Client authentication
      • Biometric behavioral verification
    • HTTP Response Codes
    • Pattern Matching Syntax
    • Signatures
    • Tags
    • TTL Expression Syntax
  • Support
Powered by GitBook
On this page
  • User-Defined Tags
  • Automatic Tags
  • Examples of automatic tags

Was this helpful?

Export as PDF
  1. Reference Information

Tags

PreviousSignaturesNextTTL Expression Syntax

Last updated 3 years ago

Was this helpful?

When an incoming request is received, Reblaze generates internal tags and assigns them to it.

Some tags are assigned early, and are used to make decisions about how the request is handled. For example, if a request's IP is found on the Spamhaus DROP list, it might be assigned a tag of "spamhaus". Then an might block the request because it contains that tag.

Some tags can be generated during processing; they reflect the decisions that were made. For example, a request that was blocked because it violated a will be assigned a tag containing that Rate Limit's name. The tag will be shown in the .

Some tags are defined by the user, while others are generated automatically by Reblaze.

User-Defined Tags

are user-defined lists of criteria with one or more associated tags. Requests which match the criteria will be assigned those tags.

A Profiling List can be based on an external list (e.g., the Spamhaus DROP list), or a user-defined custom list (e.g., a list of IP addresses used by the internal QA team).

Automatic Tags

Many tags are generated automatically by Reblaze. Examples:

  • Every request receives a tag of "all".

  • Every request receives several tags according to its source (the IP address, geolocation, etc.)

  • Every request receives two tags for the that it matched (both at the domain level and at the Path Map level).

  • Requests which violate a security policy or have other problems, receive tags with descriptive names (e.g., the name of the policy that was violated).

When tag names are generated from underlying values (IP addresses, security rule names, etc.), hyphens will replace spaces and special characters.

Examples of automatic tags

Value or Situation

Example tag

(Every request)

all

IP address

ip-192-168-0-2

ASN

asn-1680

Country

geo-canada

URL Map that the request matched

urlmap-default-entry

WAF signature #100039 was violated.

waf-sig-100039

A Rate Limit (named "Rate limit rule 5/60") is being evaluated.

rate-limit-rule-5-60

Sometimes a request will get two separate tags that seem to be redundant. For example:

  • urlmap-default-entry

  • urlmap-entry-default

When a Security Profile is matched with a request, a tag is generated for the Profile itself, and for the Profile that was used. If the names are similar (which is true for default values, as in the example), then the tags can appear to be redundant.

ACL Profile
Rate Limit
View Log
Session Profiling Lists
Security Profile