# Security Section Concepts Reblaze evaluates incoming traffic in a multi-stage filtering process. An HTTP/S request which passes all security tests will be forwarded to the backend. This decision-making is done in several stages. ![](https://2672114182-files.gitbook.io/~/files/v0/b/gitbook-legacy-files/o/assets%2F-LuRghgerfT6t9aVOOha%2F-MEQiQDwmNPHwFaaztKy%2F-MER8Zx5Mm7XudHuJLre%2FReblaze-stages-v2.14.png?alt=media\&token=54b2d1d6-29b2-4cad-8184-fdf6c875aed0) | Stage | Comments | | ----------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | **Pre-Processing Cloud Functions** | The [Cloud Functions](https://waap.docs.link11.com/v2.20/product-walkthrough/security/cloud-functions) marked "Request Pre Reblaze" are executed. | | **Quarantines & Dynamic Rules** | Traffic from requestors that are currently on the [Banlist](https://waap.docs.link11.com/v2.20/product-walkthrough/quarantined#banlist) or [Blacklist](https://waap.docs.link11.com/v2.20/product-walkthrough/quarantined#blacklist) is blocked. Other requestors are evaluated for potential addition to the Banlist using [Dynamic Rules](https://waap.docs.link11.com/v2.20/product-walkthrough/security/dynamic-rules). | | **Static Rules & Rate Limits** | Requests that do not conform to specified size, time, and per-IP rate limits are blocked, according to the [Advanced Frontend Settings](https://waap.docs.link11.com/v2.20/settings/web-proxy#advanced-frontend-settings) for the application. | | **Session Profiling** | Reblaze assigns [automatically-generated tags](https://waap.docs.link11.com/v2.20/reference-information-1/tags#automatic-tags), and [user-defined tags](https://waap.docs.link11.com/v2.20/reference-information-1/tags#user-defined-tags) (configured in [Tag Rules](https://waap.docs.link11.com/v2.20/product-walkthrough/security/session-profiling)) to the requests. | | **ACL Policies** | [ACL Policies](https://waap.docs.link11.com/v2.20/product-walkthrough/security/profiles/acl-policies) are enforced. | | **Rate Limits** | [Rate Limit Rules](https://waap.docs.link11.com/v2.20/product-walkthrough/security/rate-limiting) are enforced. | | **Challenges** | Verifies that requests are coming from humans. More information: [The Challenge Process](https://waap.docs.link11.com/v2.20/reblaze-traffic/traffic-concepts#the-challenge-process). | | **Argument Analysis** | Examination of characters in arguments. Possible results are to exempt a request from WAF filtering, to send the request to the WAF for inspection, or to block the request. More info: [Args Analysis](https://waap.docs.link11.com/v2.20/product-walkthrough/security/args-analysis). | | **WAF/IPS** | The active [WAF Policy](https://waap.docs.link11.com/v2.20/product-walkthrough/security/profiles/waf-ips-policies) is enforced, assuming that the request was not previously Bypassed in the ACL Policy. | | **Post-Processing Cloud Functions** | The [Cloud Functions](https://waap.docs.link11.com/v2.20/product-walkthrough/security/cloud-functions) marked "Request Post Reblaze" are executed. |