Custom Rules

1. What is a custom rule?

Custom rules allow you to override the AI Threats Detection policies, by defining allow-lists or block-lists, ensuring that your response policy fulfills both security and business needs.

Custom rules can also be used to force a CAPTCHA or Device Check challenge on top of the DataDome Threat Detection policy. In this case, DataDome blocks the incoming threats and forces the challenge on the undetected traffic.

You can add up to 1000 custom rules to your dashboard, creating each rule based on a query up to 1000 characters long.

2. Access your custom rules

To access your custom rules list, go to: Access Control > Custom Rules


3. Add a new custom rule

Custom rules limit

If you have reached the authorized custom rules limit, please contact support: [email protected]

Custom Rules guidelines

Create custom rules with some granularity (for instance, per group of partners) so that you can track those groups and, if needed in the future, apply timeboxing or rate limiting to them.

To add a custom rule, click the "Create a Custom Rule" button. You will be redirected to Explore > Custom Rules.

To add a new custom rule:

  1. Enter the query (Refer to "Syntax guidelines")
  2. Select the endpoint source and endpoint type the rule has to be applied to (Refer to "what is an endpoint?")
  3. Click on "Check Rule"
  4. Check the result
  5. Click on "Add Rule"
  6. Select the configuration you want to apply to every request that matches the rule:
    1. Allow: every request that matches the rule will be allowed
    2. Timeboxing: based on a specified time period, part of the traffic will be allowed and the remaining part can be set to Captcha, Block or Device Check
    3. Rate Limiting: based on a specified number of requests, part of the traffic will be allowed and the remaining part can be set to Captcha, Block or Device Check
    4. Captcha: a Captcha will be displayed for every request that matches the rule
    5. Block: every request that matches the rule will be blocked
    6. Device Check: every request that matches the rule will be challenged with Device Check
  7. A pop-up is displayed with the query and the selected endpoint type.
    Depending on the configuration you choose, additional settings will be displayed to set up the custom rule.
  8. Add a meaningful rule name
  9. Select a priority: if a request matches two custom rules, the rule with the higher priority will be applied first
  10. (Optional) Add an activation date and an expiration date
  11. Depending on the response you selected above, fill in the additional settings:
Time Boxing additional settings: you can select the response to apply for traffic incoming outside of the allowed period you set up

Rate Limiting additional settings: you can select the response to apply if the request count exceeds the threshold rate you set up

4. Test a rule

When you add a custom rule, first you have to test the result. You can save the rule after it has been tested.

If the result returned is null, you can:
1 - Expand your time range
2 - Refine your query

Rules can be saved even if the result is empty.

5. Edit / Delete a rule

User role

Only "Admin" and "Editor" users have the right to add & delete rules.

To edit or delete a custom rule, just hit the Action menu next to a selected rule and choose "Edit" if you want to edit the rule:

You will then be redirected to the "Explore" section enabling you to edit the query, check the matching traffic and update the rule. It is also possible to change the response and/or the name of the rule:

6. View rule requests

Once you have added the rule, you can view its requests by going to Access Control > Custom Rules. Click the "Explore" button in the action menu to view more information about the requests in the "Explore" section (refer to "How to explore your data?").