Filtration mode rule
The filtration mode allows you to enable and disable the blocking of requests to various parts of a web application.
To set a filtration mode, create a Set filtration mode rule and select the appropriate mode.
The filtration mode can take one of the following values:
- Default: the system will work in accordance with the parameters specified in the NGINX configuration files.
- Disable: the analysis and filtration of requests are disabled completely.
- Monitoring: the requests are analyzed and displayed in the interface, but they are not blocked even if they originate from denylisted IPs.
- Safe blocking: malicious requests are blocked only if they originate from graylisted IPs.
- Blocking: malicious requests are blocked and displayed in the interface.
To implement this rule, the NGINX configuration files must permit centralized management of the operation mode.
Creating and applying the rule
You can create and apply the rule in both the Events and Rules sections of Wallarm Console.
In the Events section, rules are created with a pre-filled description of endpoints to apply the rule to. The endpoint description corresponds to the request you clicked the Rule button for.
To complete the rule setup, just select the rule action type and make sure all rule components are configured correctly.
In the Rules section, all rule components must be filled in manually.
Default instance of rule
This instance of the rule cannot be deleted. To change its value, modify the general filtration mode setting of the system.
Like all other default rules, the Set filtration mode default rule is inherited by all branches.
Example: Disabling Request Blocking During User Registration
If the following conditions hold:
- new user registration is available at example.com/signup
- it is better to overlook an attack than to lose a customer
Then, to create a rule disabling blocking during user registration:
- Go to the Rules tab
- Find the branch for example.com/signup, and click Add rule
- Choose Set filtration mode
- Choose operation mode monitoring
- Click Create
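
For the /signup rule above to take effect, the NGINX configuration of the filtering node has to let Console rules soften the mode, which is the "centralized management" requirement stated earlier. The fragment below is an added example, not taken from the original page; it assumes the Wallarm NGINX module directives wallarm_mode and wallarm_mode_allow_override (not named on this page) and a placeholder upstream address.

```nginx
# Added example, not part of the original page.
# Assumption: 127.0.0.1:8080 is a placeholder for the protected application.
server {
    listen 80;
    server_name example.com;

    # Node-level mode. A rule set to "Default" falls back to this value.
    wallarm_mode block;

    # Controls whether rules from Wallarm Console may change the mode:
    #   off    - Console rules are ignored, only wallarm_mode applies
    #   strict - Console rules may only make the mode stricter
    #   on     - Console rules may make the mode stricter or milder
    # The /signup rule softens "block" to "monitoring", so with "strict"
    # /signup would stay in blocking mode; "on" lets the rule apply.
    wallarm_mode_allow_override on;

    location / {
        proxy_pass http://127.0.0.1:8080;
    }
}
```

If the override is restricted to strict or off, the Console rule is still shown in the Rules section but requests to /signup keep being blocked, so check this directive first when a monitoring rule appears to have no effect.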