Overview
StackPath's WAF rules allow you to define how web requests are inspected and what actions are taken when a request matches the defined criteria.
Each rule requires a top-level statement, and might contain nested statements, depending on the rule and statement type.
You can use the rules in the portal to manage web requests based on certain criteria such as:
- Scripts that are likely to be malicious. Attackers embed scripts that can exploit vulnerabilities in web applications. This is known as cross-site scripting (XSS).
- IP addresses or address ranges that requests originate from.
- Country or geographical location that requests originate from.
- Length of a specified part of the request, such as the query string.
- SQL code that is likely to be malicious. Attackers try to extract data from your database by embedding malicious SQL code in a web request. This is known as SQL injection.
- Strings that appear in the request, for example, values that appear in the User-Agent header or text strings that appear in the query string.
- Specific tags that StackPath has curated and made available.
Some rule types take sets of criteria. For example, you can specify up to 10,000 IP addresses or IP address ranges in an IP address rule.
In addition to statements with web request inspection criteria, WAF supports logical statements for AND, OR, and NOT that you can use to combine conditions in a rule.
For example, based on recent requests that you've seen from an attacker, you might create a rule with a logical AND statement that combines the following nested statements:
- The requests come from 192.162.3.54.
- They contain the value BadBot in the User-Agent header.
- They appear to be targeting JPEG files.
In this case, the web request needs to match all of the statements to result in a match for the top-level AND.
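As an added illustration of how nested statements combine under a top-level logical statement (example code written for this page, not StackPath's rule engine or its rule format), the following Python evaluator implements the rule above. The statement helpers, the AND/OR/NOT combinators and the sample requests are all assumed names and constructed data.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Request:
    source_ip: str
    path: str
    headers: dict  # header name -> value


# Each statement is a predicate on the request. Logical statements
# combine nested statements, as the top-level AND in the text does.
def ip_in(cidrs):
    nets = [ip_network(c, strict=False) for c in cidrs]
    return lambda req: any(ip_address(req.source_ip) in n for n in nets)


def header_contains(name, needle):
    # Header names are matched case-insensitively, the value verbatim.
    def stmt(req):
        lowered = {k.lower(): v for k, v in req.headers.items()}
        return needle in lowered.get(name.lower(), "")
    return stmt


def path_ends_with(*suffixes):
    # Inspect the path only, ignoring any query string.
    return lambda req: req.path.split("?", 1)[0].lower().endswith(suffixes)


def AND(*stmts):
    return lambda req: all(s(req) for s in stmts)


def OR(*stmts):
    return lambda req: any(s(req) for s in stmts)


def NOT(stmt):
    return lambda req: not stmt(req)


# The rule from the text: every nested statement must match.
BAD_BOT_JPEG_RULE = AND(
    ip_in(["192.162.3.54"]),
    header_contains("User-Agent", "BadBot"),
    path_ends_with(".jpg", ".jpeg"),
)


def evaluate(rule, req):
    """Return the action taken: 'block' if the rule matches, else 'allow'."""
    return "block" if rule(req) else "allow"
```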
Rule Types
In the StackPath Control Portal, there are three editors available to customers based on package level.
- IP firewall editor
- This editor is designed for less technical users who would prefer a straightforward, simple tool to allow or block IP addresses.
- WAF rule editor
- This editor is designed for advanced users who want to build rules from if/then statements.
- In addition to allowing or blocking IP addresses, you can use the WAF rule editor to create more complicated rules, such as filtering requests from specified countries or organizations.
- The WAF rules editor also allows you to create rules based on tags from a StackPath curated list.
- Advanced rules editor
- This editor is designed for highly technical users who would prefer even more control over the creation of rules.
- This feature is available to WAF Enterprise customers only.
StackPath's plans include a number of WAF custom rules; how many varies by plan. Firewall rules are not counted as custom rules and are free on any plan that includes the StackPath WAF product. For more information, please see WAF Package Offerings.