Skip to content

Inspecting Application Profile Rules

To view the rules in the application structure, go to the Rules section of Wallarm Console. This section represents branches and endpoints that are already known.

Rules tab overview

The system automatically groups the rules by branches, highlighting common conditions and building a tree-like structure. As a result, a branch may have child branches. To show or hide nested branches, click on the blue circle to the left of the branch description.

Two asterisks ** in a branch description refer to any number of nested paths. For instance, the branch /**/*.php will contain both /index.php and /app/admin/install.php.

The size of the blue circle indicates the relative quantity of the nested branches. Its color indicates the relative quantity of the rules within the branch and its sub-branches. On each nesting level, the size and color of the circles are independent from each other.

To the right of the branch description, the system may display an orange number, which indicates the number of rules in that branch (only the direct descendants, not the nested rules). If no number is displayed, then that branch is "virtual" — it is used only for grouping similar sub-branches.

Branches with no rules available for the user (according to the privilege model) are automatically hidden .

Rule Display

In each branch, the user can look through the list of rules attached to it. To switch over to the page with the rule list, click on the description of the corresponding branch.

Viewing branch rules

The rules within a branch are grouped by the point field. The rules that affect the entire request, rather than individual parameters, are grouped together into one line. To see the entire list, click on the line.

For each rule, the system displays the following parameters: last modified time, quantity, types, and point.

Default rules

You can create rules with specified action but not linked to any endpoint - they are called default rules. Such rules are applied to all endpoints.

  • To create default rule, follow the standard procedure but leave URI blank. The new rule not linked to any endpoint will be created.

  • To view the list of created default rules, click the Default rules button.

Traffic filtration mode default rule

Wallarm automatically creates the Set filtration mode default rule for all clients and sets its value on the basis of general filtration mode setting.

Default rules are inherited by all branches.

Distinct and inherited rules

The rules are inherited down the rules branch. Principles:

  • All branches inherit default rules.

  • In a branch, child endpoints inherit rules from the parent.

  • Distinct has priority over inherited.

  • Directly specified has priority over regex.

  • Case sensitive has priority over insensitive.

Here are some details of how to work with the rules branch:

  • To expand the endpoint, click the blue circle.

  • Endpoints that do not have distinct rules are greyed out and not clickable.

    Branch of endpoints

  • To view rules for the endpoint, click it. First, distinct rules for this endpoint will be displayed.

  • When viewing the rule list for the specific endpoint, click Distinct and inherited rules to display the inherited ones. Inherited rules will be displayed together with the distinct; they will be greyed out compared to distinct.

    Distinct and inherited rules for endpoint

API calls to get rules

To get custom rules, you can call the Wallarm API directly besides using the Wallarm Console UI. Below are some examples of the corresponding API calls.

Get all configured rules

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID]},\"order_by\": \"updated_at\",\"order_desc\": true,\"limit\": 1000,\"offset\": 0}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID]},\"order_by\": \"updated_at\",\"order_desc\": true,\"limit\": 1000,\"offset\": 0}"

Get only conditions of all rules

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/action" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"filter\": { \"clientid\": [YOUR_CLIENT_ID] }, \"offset\": 0, \"limit\": 1000}"
curl -v -X POST "https://api.wallarm.com/v1/objects/action" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{ \"filter\": { \"clientid\": [YOUR_CLIENT_ID] }, \"offset\": 0, \"limit\": 1000}"

Get rules attached to a specific condition

To point to a specific condition, use its ID - you can get it when requesting conditions of all rules (see above).

curl -v -X POST "https://us1.api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID],\"actionid\": YOUR_CONDITION_ID},\"limit\": 1000,\"offset\": 0}"
curl -v -X POST "https://api.wallarm.com/v1/objects/hint" -H "X-WallarmApi-Token: <YOUR_TOKEN>" -H "accept: application/json" -H "Content-Type: application/json" -d "{\"filter\":{\"clientid\": [YOUR_CLIENT_ID],\"actionid\": YOUR_CONDITION_ID},\"limit\": 1000,\"offset\": 0}"