Rules
Using rules, you can define conditions for selecting HTTP requests, specify actions for requests that match these conditions, and prioritize rules.
The rule priority is set as a numeric parameter from 1 to 1000000.
Note
The smaller the value, the higher the rule priority. The priorities for preconfigured rules are as follows:
- Basic default rule: 1000000.
- Smart Protection rule providing full protection: 999900.
You can also log information about the traffic matching your conditions, without applying any action to it.
Yandex Smart Web Security provides the following rule types:
You can learn more in Managing rules.
Basic rules
A basic rule allows, denies, or directs traffic to Yandex SmartCaptcha based on specified conditions. It is used for simple traffic filtering based on specific parameters.
Each security profile includes a basic default rule with the lowest priority (1000000) that allows or denies all traffic.
Smart Protection rules
Smart Protection is a rule that sends traffic, based on specified conditions, for automatic analysis using machine learning and behavioral analysis algorithms. Depending on the selected action, suspicious requests are sent to SmartCaptcha for additional verification or get blocked.
Web Application Firewall rules
Web Application Firewall rules engage a WAF profile to analyze traffic for compliance with the WAF basic rule sets. Depending on the selected action, suspicious requests are sent to SmartCaptcha for additional verification or get blocked.
You can use the following SmartCaptcha CAPTCHA options to verify requests compliant with the Smart Protection and Web Application Firewall rules:
- Default: Managed on the Yandex Cloud side, captcha parameters:
  - Main challenge: Checkbox.
  - Additional challenge: Silhouettes.
  - Additional challenge difficulty: Easy.
  - Appearance: Standard.
  The Default captcha usage fee is included in the cost of Smart Web Security.
- Custom captcha: You can customize captcha difficulty, types of main and additional challenges, and appearance.
  Note
  To use a custom captcha, select Disable domain verification in its settings.
  The custom captcha usage fee is charged according to SmartCaptcha pricing policy.
Advanced Rate Limiter rules
An Advanced Rate Limiter rule calculates the number of requests received over a certain period of time. Requests are counted after they are allowed by the Smart Protection and Web Application Firewall rules, meaning that ARL rules have their own priority independent of other rules.
ARL rules allow you to set limits on either all traffic or its particular segments.
Unlike Smart Protection and WAF rules, ARL rules are configured in an ARL profile.
Rule actions
Actions for basic rules:
- Deny traffic whose parameters match the conditions.
- Allow traffic whose parameters match the conditions.
Actions for Smart Protection and Web Application Firewall rules:
- Full Protection: Traffic is checked by ML models and behavioral analysis algorithms. Suspicious requests are sent to SmartCaptcha.
- API Protection: Traffic is checked by ML models and behavioral analysis algorithms. Suspicious requests are denied.
Action for Advanced Rate Limiter rules: Block requests when exceeding the limit. Requests above the specified limit over a period of time will be blocked. The requesting client will get error 429.
The requests that were allowed by all rules and passed on to the protected resource are called legitimate.
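A small model of the evaluation order described on this page, added here as an illustration; it is not Yandex Cloud code and does not use its API. It assumes that the first matching rule in priority order decides the verdict and that a Smart Protection rule passes requests it does not flag; the rule names, the `suspicious` field, and the single-period counter are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable

DEFAULT_PRIORITY = 1_000_000     # basic default rule (value from the page)
SMART_FULL_PRIORITY = 999_900    # preconfigured Smart Protection rule (value from the page)

@dataclass
class Rule:
    name: str
    priority: int                    # 1..1000000, smaller value = higher priority
    matches: Callable[[dict], bool]  # rule condition
    action: str                      # ALLOW, DENY, FULL (captcha) or API (deny)
    log_only: bool = False           # log the match without applying any action

def evaluate(rules, request, log):
    """Return (verdict, rule name) under the assumed first-match-wins model."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if not rule.matches(request):
            continue
        if rule.log_only:
            log.append(rule.name)    # recorded, but evaluation goes on
            continue
        if rule.action in ("FULL", "API"):
            if not request.get("suspicious"):  # constructed stand-in for the ML verdict
                return "ALLOW", rule.name
            return ("CAPTCHA" if rule.action == "FULL" else "DENY"), rule.name
        return rule.action, rule.name
    raise ValueError("profile has no default rule")

def handle(rules, request, log, counts, limit):
    """Apply the profile, then count allowed requests against an ARL limit."""
    verdict, _ = evaluate(rules, request, log)
    if verdict != "ALLOW":
        return verdict
    # One counting period only; a real limiter resets the counter per period.
    counts[request["ip"]] = counts.get(request["ip"], 0) + 1
    return "LEGITIMATE" if counts[request["ip"]] <= limit else "429"

# Constructed sample profile. "late-deny" sits behind the match-all Smart
# Protection rule (999950 > 999900), so in this model it is never reached.
PROFILE = [
    Rule("default", DEFAULT_PRIORITY, lambda r: True, "DENY"),
    Rule("smart-full", SMART_FULL_PRIORITY, lambda r: True, "FULL"),
    Rule("block-admin", 100, lambda r: r["path"].startswith("/admin"), "DENY"),
    Rule("late-deny", 999_950, lambda r: r["path"] == "/export", "DENY"),
    Rule("watch-api", 50, lambda r: r["path"].startswith("/api"), "DENY", log_only=True),
]
```

In this model, a basic rule meant to filter traffic needs a priority value below 999900, otherwise the preconfigured Smart Protection rule decides first.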