Filtration mode rule
The filtration mode allows you to enable and disable the blocking of requests to various parts of a web application.
To set a filtration mode, create a Set filtration mode rule and select the appropriate mode.
The filtration mode can take one of the following values:
- Default: the system works in accordance with the parameters specified in the NGINX configuration files.
- Disable: the analysis and filtration of requests are disabled completely.
- Monitoring: requests are analyzed and displayed in the interface but are not blocked, even if they originate from denylisted IPs.
- Safe blocking: malicious requests are blocked only if they originate from graylisted IPs.
- Blocking: malicious requests are blocked and displayed in the interface.
To implement this rule, the NGINX configuration files must permit centralized management of the operation mode.
Creating and applying the rule
You can create and apply the rule in both the Events and Rules sections of Wallarm Console.
- In the Events section, rules are created with a pre-filled description of the endpoints to apply the rule to. The endpoint description corresponds to the request you clicked the Rule button for. To complete the rule setup, just select the rule action type and make sure all rule components are configured correctly.
- In the Rules section, all rule components must be filled in manually.
Default instance of rule
Wallarm automatically creates an instance of the Set filtration mode rule on the default level. The system sets its value on the basis of the general filtration mode setting.
This instance of the rule cannot be deleted. To change its value, modify the general filtration mode setting of the system.
Like all other default rules, the Set filtration mode default rule is inherited by all branches.
Example: Disabling Request Blocking During User Registration
If the following conditions apply:
- new user registration is available at example.com/signup
- it is better to overlook an attack than to lose a customer
Then, to create a rule disabling blocking during user registration:
- Go to the Rules tab
- Find the branch for example.com/signup, and click Add rule
- Choose Set filtration mode
- Choose operation mode monitoring
- Click Create
API calls to create the rule
Besides using the Wallarm Console UI, you can create the filtration mode rule by calling the Wallarm API directly. Below is an example of the corresponding API call.
The following request creates a rule that sets the node to filter traffic going to the application with ID 3 in the monitoring mode.
Against the us1.api.wallarm.com endpoint:
curl 'https://us1.api.wallarm.com/v1/objects/hint/create' -H 'X-WallarmApi-Token: <YOUR_TOKEN>' -H "accept: application/json" -H "Content-Type: application/json" --data-raw '{"clientid":<YOUR_CLIENT_ID>,"type":"wallarm_mode","mode":"monitoring","validated":false,"action":[{"point":["instance"],"type":"equal","value":"3"}]}'
Against the api.wallarm.com endpoint:
curl 'https://api.wallarm.com/v1/objects/hint/create' -H 'X-WallarmApi-Token: <YOUR_TOKEN>' -H "accept: application/json" -H "Content-Type: application/json" --data-raw '{"clientid":<YOUR_CLIENT_ID>,"type":"wallarm_mode","mode":"monitoring","validated":false,"action":[{"point":["instance"],"type":"equal","value":"3"}]}'
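A scripted variant of the call above, as an added example that is not part of the Wallarm documentation: it validates the values interpolated into the JSON body, sends the token only to the two API hosts shown on this page, and keeps the token off the curl command line. The function names and the WALLARM_API_TOKEN variable are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example (not Wallarm's own tooling): create the mode rule from this page
# without exposing the API token in the process list or shell history.

# Print the JSON body for /v1/objects/hint/create.
# Args: client ID, application ID, filtration mode.
build_mode_rule() {
  local client_id="$1" app_id="$2" mode="$3"
  # The values are interpolated into JSON, so reject anything that could
  # break out of its field: IDs must be digits, the mode lowercase/underscore.
  case "$client_id" in ''|*[!0-9]*) echo "bad client ID" >&2; return 2 ;; esac
  case "$app_id" in ''|*[!0-9]*) echo "bad application ID" >&2; return 2 ;; esac
  case "$mode" in ''|*[!a-z_]*) echo "bad mode" >&2; return 2 ;; esac
  printf '{"clientid":%s,"type":"wallarm_mode","mode":"%s","validated":false,"action":[{"point":["instance"],"type":"equal","value":"%s"}]}' \
    "$client_id" "$mode" "$app_id"
}

# Send the rule. Args: API host, client ID, application ID, mode.
# The token is read from WALLARM_API_TOKEN (an assumed variable name).
create_mode_rule() {
  local api_host="$1" body
  # Only the two API hosts shown on this page may receive the token.
  case "$api_host" in
    us1.api.wallarm.com|api.wallarm.com) ;;
    *) echo "refusing to send token to $api_host" >&2; return 2 ;;
  esac
  [ -n "${WALLARM_API_TOKEN:-}" ] || { echo "WALLARM_API_TOKEN is not set" >&2; return 2; }
  body=$(build_mode_rule "$2" "$3" "$4") || return 2
  # curl reads the header from stdin (-H @-, curl 7.55.0 or later); printf is a
  # shell builtin, so the token never appears in any process's arguments.
  printf 'X-WallarmApi-Token: %s\n' "$WALLARM_API_TOKEN" |
    curl --fail --silent --show-error \
      -H @- -H 'accept: application/json' -H 'Content-Type: application/json' \
      --data-raw "$body" "https://${api_host}/v1/objects/hint/create"
}

# Usage: export WALLARM_API_TOKEN first, then
#   create_mode_rule us1.api.wallarm.com <YOUR_CLIENT_ID> 3 monitoring
```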