At the tab Settings -> Rules you may review and change the rules for handling requests enabled for the current application profile.
The application profile is a collection of known information about protected applications. It is used to fine-tune the behavior of the system during the analysis of requests and their further processing in the post-analysis module and in the cloud.
For a better understanding of how the traffic processing rules are applied, it is advisable to learn how the filter node analyzes the requests.
An important thing about making changes to the rules is that these changes don't take effect immediately. It may take some time to compile the rules and download them into filter nodes.
Each parameter of the HTTP request in the Wallarm system is described with a sequence of filters applied for request processing, e.g. headers, body, URL, Base64, etc. This sequence is called the point.
Request processing filters are also called parsers.
A set of HTTP request parameters and their conditions. If these conditions are fulfilled, the rules related to this set of rules (branch) will be applied.
For example, if a rule branch describes the conditions matching all requests to any URL of the domain example.com (
example.com/**/*.*), then the rules contained in this branch will be applied only to such requests.
A branch without nested rule branches. Ideally, an application endpoint corresponds to one business function of the protected application. For instance, such business function as authorization can be an endpoint rule branch of
A request processing setting for the filter node, the post-analysis module or the cloud.
The processing rules are linked to the branches or endpoints. The rule is applied to the request only if the request matches all the conditions described in the branch.