
Filtration Mode Rule

The filtration mode allows you to enable and disable the blocking of requests to various parts of a web application.

To set a filtration mode, create a Set filtration mode rule and select the appropriate mode.

The filtration mode can take one of the following values:

  • Default: the system will work in accordance with the parameters specified in the NGINX configuration files.

  • Disable: analysis and filtration of requests are turned off, except for requests originating from IPs on the denylist. Requests from denylisted IPs are blocked (but not shown in the interface).

  • Monitoring: requests are analyzed and displayed in the interface, but they are not blocked unless they originate from denylisted IPs. Requests from denylisted IPs are blocked (but not shown in the interface).

  • Safe blocking: malicious requests are blocked only if they originate from graylisted IPs.

  • Blocking: malicious requests are blocked and displayed in the interface.

To implement this rule, the NGINX configuration files must permit centralized management of the operation mode.
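As an added illustration (not part of the original page), the fragment below shows an NGINX configuration that permits this centralized management through the `wallarm_mode_allow_override` directive. It assumes the Wallarm module is already loaded; the server name, upstream address and the `/signup` location are placeholders.

```nginx
# Constructed example; server name and upstream address are placeholders.
http {
    # Local baseline: block malicious requests unless a rule says otherwise.
    wallarm_mode block;

    # Controls whether Set filtration mode rules from Wallarm Console apply:
    #   on     - rules are applied and override wallarm_mode (directive default)
    #   strict - only rules that set a stricter mode than wallarm_mode apply
    #   off    - rules from Wallarm Console are ignored
    wallarm_mode_allow_override on;

    server {
        listen 80;
        server_name example.com;

        location / {
            proxy_pass http://127.0.0.1:8080;
        }

        # No local mode is set here. With allow_override on, a Console rule
        # that sets monitoring for example.com/signup takes effect.
        # With strict, that rule would be ignored, because monitoring is
        # milder than block, and /signup would keep blocking.
        location /signup {
            proxy_pass http://127.0.0.1:8080;
        }
    }
}
```

Where rules from Wallarm Console must never weaken protection below the local baseline, `strict` is the value to use, with the consequence that a rule lowering the mode for a single endpoint has no effect.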

Creating and applying the rule

You can create and apply the rule both in the Attacks and Rules sections of Wallarm Console.

  • In the Attacks section, rules are created with a pre-filled description of endpoints to apply the rule to. The endpoint description corresponds to the request you clicked the Rule button for.

    To complete the rule setup, just select the rule action type and make sure all rule components are configured correctly.

  • In the Rules section, all rule components must be filled in manually.

Default instance of rule

Wallarm automatically creates an instance of the Set filtration mode rule on the default level. The system sets its value based on the general filtration mode setting.

This instance of the rule cannot be deleted. To change its value, modify the general filtration mode setting of the system.

Like all other default rules, the Set filtration mode default rule is inherited by all branches.

Example: Disabling Request Blocking During User Registration

If the following conditions apply:

  • new user registration is available at example.com/signup

  • it is better to overlook an attack than to lose a customer

Then, to create a rule disabling blocking during user registration:

  1. Go to the Rules tab
  2. Find the branch for example.com/signup, and click Add rule
  3. Choose Set filtration mode
  4. Choose the monitoring operation mode
  5. Click Create

Setting traffic filtration mode

API calls to create the rule

Besides using the Wallarm Console UI, you can create the filtration mode rule by calling the Wallarm API directly. Below is an example of the corresponding API call.

The following request creates a rule that sets the node to filter traffic going to the application with ID 3 in monitoring mode.

US Cloud:

curl 'https://us1.api.wallarm.com/v1/objects/hint/create' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"type":"wallarm_mode","mode":"monitoring","validated":false,"action":[{"point":["instance"],"type":"equal","value":"3"}]}'

EU Cloud:

curl 'https://api.wallarm.com/v1/objects/hint/create' \
  -H 'X-WallarmApi-Token: <YOUR_TOKEN>' \
  -H "accept: application/json" \
  -H "Content-Type: application/json" \
  --data-raw '{"clientid":<YOUR_CLIENT_ID>,"type":"wallarm_mode","mode":"monitoring","validated":false,"action":[{"point":["instance"],"type":"equal","value":"3"}]}'