# Security Section Concepts Reblaze evaluates incoming traffic in a multi-stage filtering process. An HTTP/S request which passes all security tests will be forwarded to the backend. This decision-making is done in several stages. ![](/files/-MER8Zx5Mm7XudHuJLre) | Stage | Comments | | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Pre-Processing Cloud Functions** | The [Cloud Functions](/v2.20.4/console-ui-walkthrough/security/cloud-functions.md) marked "Request Pre Reblaze" are executed. | | **Quarantines & Dynamic Rules** | Traffic from requestors that are currently on the [Banlist](/v2.20.4/console-ui-walkthrough/security/quarantined.md#banlist) or [Blacklist](/v2.20.4/console-ui-walkthrough/security/quarantined.md#blacklist) is blocked. Other requestors are evaluated for potential addition to the Banlist using [Dynamic Rules](/v2.20.4/console-ui-walkthrough/security/dynamic-rules.md). | | **Static Rules & Rate Limits** | Requests that do not conform to specified size, time, and per-IP rate limits are blocked, according to the [Advanced Frontend Settings](/v2.20.4/console-ui-walkthrough/settings/web-proxy.md#advanced-frontend-settings) for the application. | | **Session Profiling** | Reblaze assigns [automatically-generated tags](/v2.20.4/reference-information/tags.md#automatic-tags), and [user-defined tags](/v2.20.4/reference-information/tags.md#user-defined-tags) (configured in [Tag Rules](/v2.20.4/console-ui-walkthrough/security/session-profiling.md)) to the requests. | | **ACL Policies** | [ACL Policies](/v2.20.4/console-ui-walkthrough/security/profiles/acl-policies.md) are enforced. | | **Rate Limits** | [Rate Limit Rules](/v2.20.4/console-ui-walkthrough/security/rate-limiting.md) are enforced. | | **Challenges** | Verifies that requests are coming from humans. More information: [The Challenge Process](/v2.20.4/console-ui-walkthrough/reblaze-traffic/traffic-concepts.md#the-challenge-process). | | **Argument Analysis** | Examination of characters in arguments. Possible results are to exempt a request from WAF filtering, to send the request to the WAF for inspection, or to block the request. More info: [Args Analysis](/v2.20.4/console-ui-walkthrough/security/args-analysis.md). | | **WAF/IPS** | The active [WAF Policy](/v2.20.4/console-ui-walkthrough/security/profiles/waf-ips-policies.md) is enforced, assuming that the request was not previously Bypassed in the ACL Policy. | | **Post-Processing Cloud Functions** | The [Cloud Functions](/v2.20.4/console-ui-walkthrough/security/cloud-functions.md) marked "Request Post Reblaze" are executed. | --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://waap.docs.link11.com/v2.20.4/console-ui-walkthrough/security/concepts.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.