# Filter by Content

There are several ways to filter requests based on their content.

## Recommended Method: Session Profiling

1. Create one or more lists of content filters in [Session Profiling](https://waap.docs.link11.com/v2.20/product-walkthrough/security/session-profiling), with appropriate tags. 
2. Create [ACL Policies](https://waap.docs.link11.com/v2.20/product-walkthrough/security/profiles/acl-policies) for each tag with appropriate actions (Bypass, Deny, or Allow).
3. Include the ACL Policies in one or more [ACL Profiles](https://waap.docs.link11.com/v2.20/product-walkthrough/security/profiles).
4. Include the ACL Profiles in one or more [Security Profiles](https://waap.docs.link11.com/v2.20/product-walkthrough/settings/web-proxy#security-profiles).

## Other Methods

[Custom Signatures](https://waap.docs.link11.com/v2.20/product-walkthrough/security/profiles/acl-policies#custom-signature) can be used for specifying content restrictions. They are included within [ACL Policies](https://waap.docs.link11.com/v2.20/product-walkthrough/security/profiles/acl-policies), which are used within [Profiles](https://waap.docs.link11.com/v2.20/product-walkthrough/security/profiles), which are assigned to various locations of your site/application on the [Web Proxy](https://waap.docs.link11.com/v2.20/product-walkthrough/settings/web-proxy) page.

[Args Analysis](https://waap.docs.link11.com/v2.20/product-walkthrough/security/args-analysis) examines the characters found in arguments. Depending on its mode, it can block requests if unexpected characters are found, or pass them on to the WAF for further inspection. It can also act as an inverse content filter; those requests with arguments which contain only whitelisted characters can bypass WAF filtering. 

{% hint style="warning" %}
Custom Signatures and Args Analysis will be deprecated in a future release. For content filtering, it is recommended that you use the first method based on Session Profiling instead.
{% endhint %}