Custom rules allow you to override the AI detection. Using this feature, the incoming traffic reaching your endpoints can be managed with perfect precision, ensuring that your threat response policy fulfills both security and business needs.
You can add up to a 1000 custom rules to your dashboard, creating each rule based on a query up to 1500 characters long.
To access your custom rules list, go to: Custom Rules > All
To add a custom rule, go to: Explore > Custom Rules
To add a new custom rule:
1 - Enter the query (Refer to "Syntax guidelines")
2 - Select the endpoint type the rule has to be applied to (Refer to "what is an endpoint?")
3 - Click on "Check Rule"
4 - Check the result
5 - Click on "Add Rule"
6 - Select the configuration you want to apply to every request that matches the rule:
- Whitelist: every request that matches the rule will be whitelisted
- Timeboxing: based on a specified time period, part of the traffic will be whitelisted and the remaining part can be set to Captcha or block
- Rate Limiting: based on a specified number of requests, part of the traffic will be whitelisted and the remaining part can be set to Captcha or block
- Captcha: a Captcha will be displayed for every request that matches the rule
- Block: every request that matches the rule will be blocked
A pop-up is displayed with the query and the selected endpoint type.
Depending on the configuration you chose, additional settings will be displayed to setup the custom rule.
7 - Add a rule name
8 - Select a priority: if a request matches two custom rules, the rule with the higher priority will be applied first
9 - Depending on the response you selected above, fill in the additional settings:
When you add a custom rule, first you have to test the result. You can save the rule after it has been tested.
If the result returned is null, you can:
1 - Expand your time range
2 - Refine your query
Rules can be saved even if the result is empty.
To edit a custom rule, click the “Edit” icon next to a selected rule:
You will then be redirected to the “Explore” section enabling you to edit the query, check the matching traffic and update the rule. It is also possible to change the response and/or the name of the rule:
To delete a rule go to Custom Rules > All > Delete
Once you have added the rule, you can view the requests by going to Custom Rules > All
You can click on:
- "See Bot IPs" in order to view the IPs details.
- "See More" in order to view more info about the requests in the "Explore" section (Refer to "How to explore your data?")
Only "Admin" and "Editor" users have the right to add & delete rules.
Custom rules limit
If you have reached the authorized custom rules limit, please contact support: [email protected]
Updated 10 months ago