Custom Rules

Custom rule

Custom rules are user-defined sets of rules to suit specific website characteristics and unique security requirements.

Custom Rule Types in BizflyCloud WAF

BizflyCloud WAF supports custom rules based on the following types:

• By geographic location (Geo location)
• By IP address (IP address)
• By request size (Size)
• By strings within the request (String)

Each rule type has corresponding Variables that can be selected

• Example:
  • For Geo location and IP Address, we have the Remote Address variable.
  • For Size and String, we have:
    • QueryString
    • RequestUri (URI of the request)
    • Request Method
    • Request Header
    • Post Args (arguments of the post request)
    • Request Body
    • Cookies

The Is/Is not Operation allows for the creation of inverse logic

There is an Operator depending on the rule type to match packets.

• Example:
  • For the Size rule type, the Operators are:
    • less than
    • less than or equal
    • greater than
    • greater than or equal
  • For the String rule type, the Operators are:
    • Any (for all values)
    • Equal (exactly matches the value)
    • Contains (the value is present in the request)
    • Begin with
    • End with
    • Regex (Regular expression)

Furthermore, rules support transformation to alter the incoming request into a defined format

• Example:
  • Empty (No change to the input request)
  • Uppercase
  • Lowercase
  • Trim (remove whitespace)
  • Remove nulls (remove null bytes)
  • url decode (Decode URL base64)
  • url encode (Encode URL base64)