Adding a rule to an ARL profile
You can only add ARL rules to an ARL profile. Basic rules, as well as Smart Protection and WAF rules, are added to a security profile.
-
In the management console
, select the folder the ARL profile resides in. -
In the list of services, select Smart Web Security.
-
In the left-hand panel, select
ARL profiles. -
Select the profile to add a rule to.
-
Click
Add rule and proceed as follows in the window that opens:-
Enter a name for the rule.
-
(Optional) Enter a description.
-
Set the rule priority. This priority applies only to ARL rules and is independent of the rule priority in the security profile.
-
(Optional) Enable Enable dry run (logging only) to test the rule and estimate the load on the web service. Requests will not be blocked in this mode.
-
Under Conditions for traffic, specify which traffic the rule will be used to analyze:
-
All traffic
: The rule will be used to analyze the whole traffic. -
On condition
: The rule will be used to analyze the traffic specified in the Conditions field:IP
: IP address, IP address range, or IP address region.HTTP header
: HTTP header string.Request URI
: Request path.Host
: Domain receiving the request.HTTP method
: Request method.Cookie
: Cookie header string.
You can set multiple conditions. To do this, select all the condition types you need in the Conditions field.
You can also set multiple conditions of the same type. To do this, click
and or or in the section with the condition you need.To delete a condition, click
.
-
-
Under Request counting, select:
-
No grouping
: Counting each request individually. -
Grouping by property
: Counting request groups sharing one or more common properties.-
Select a grouping property:
Automatic grouping Grouping by key Request path
: Request pathHTTP cookie
: String in the cookie headerHTTP method
: Request methodHTTP header
: String in the HTTP headerIP address
: IP address the request came fromQuery params
: String in the request parametersRegion
: IP address region of the requestsHost
: Domain receiving the requestTo group by key, specify the key value.
-
(Optional) Enable
Case-sensitive
to put properties with the same values in different cases into different groups.
-
Specify a request limit or request limit per group as well as a time interval (from
1 second
to60 minutes
) for the limit. All requests above the limit will be blocked. -
-
Click Save rule.
-