Overview
StackPath provides WAF Enterprise customers with the ability to create, edit and manage their own advanced custom rules. Much like our basic custom rules, users are able to create rules using If/Then statements, but with an added level of sophistication.
Creating an Advanced Rule
Advanced Rules differ from basic WAF Custom Rules in that they support the use of more advanced conditions using CEL Syntax expressions.
Because of the highly technical aspect of this functionality, this ability is currently only available through our API. You can use our API documentation as a guide in constructing your own Advanced Rules
Below is a table of available objects you can use in your expressions along with their respective attributes and types.
Object | Attribute | Arguments | Type | Description |
client_data | Container | |||
fingerprint | Dict | Client fingerprint object | ||
response | Container | Container for response context | ||
headers | Dict | A dictionary of the response headers | ||
status | Var | Status code from the origin (integer) | ||
request | Container | Container for Request context | ||
rate_limit | Function | Returns true if the rate limit is exceeded | ||
content_type | String | A string with max. 30 chars (optional) | ||
interval | Integer | an Integer between 1 and +inf | ||
ip_list | List | A list of 0-10 items of: A string representing an UP address (IPv4 or IPv6) | ||
method_list | List | A list of 0-9 items of: an HTTP method | ||
requests | Integer | an Integer between 20 and +inf | ||
scope | Choice | One of the following values: IP, cluster | ||
status_list | List | A list of 0-20 items of: An integer between 100 and 999 | ||
url | URL | A valid URL | ||
ip_in_range | Function | Returns true if the client IP is contained within the given range | ||
from_ip | IP | A string representing an IP address (IPv4 or IPv6) | ||
to_ip | IP | A string representing an IP address (IPv4 or IPv6) | ||
headers | Dict | A dictionary of the request headers | ||
ip | Var | A string representing the client IP | ||
is_ajax | Function | Returns true if the request type is AJAX | ||
is_api | Function | Returns true if the request is an API call | ||
is_static | Function | Returns true if the request type is STATIC | ||
method | Var | Http method (uppercase) | ||
origin_ip | Var | A string representing the client origin IP | ||
path | Var | Path of the URL | ||
query_params | Var | Query params | ||
upload_file_content_type | Var | Content type of the uploaded file (e.g. image/png) | ||
upload_file_exentsion | Var | File extension of the uploaded file (e.g png) | ||
uri | Var | A full url string | ||
url | Var | A full URL string | ||
tags | Container | Container for tag matching functions | ||
all | Function | Returns true if all the given tags exist | ||
any | Function | Returns true if one or more of the given tags exist | ||
exists | Function | Returns true if the given tag exists | ||
tag | String | A string with max. 30 characters | ||
tag_list | List | a list of 1-10 items of a string with max 30 characters | ||
user_agent | Container | The User-agent header segments in lowercase | ||
client | Var | Client name (e.g chrome, firefox) | ||
client_type | Var | Client type (e.g. major, lib) | ||
client_version | Var | Client version (e.g 47.1.23) | ||
client_version_float | Var | Client version, Major.minor part (e.g 47.1) | ||
cpu | Var | CPU brand (e.g intel, amd) | ||
device | Var | Device brand (e.g iPhone, playstation) | ||
device_type | Var | Device type (e.g mobile, console) | ||
engine | Var | Engine type (e.g. gecko, applewebkit) | ||
os | Var | Client's OS (e.g linux, windows 7) | ||
whois | Container | Container for WHOIS data of the client IP | ||
country | Var | Country Code (uppercase) | ||
org | Var | organization name | ||
owner_type | Var | Owner Type |
Reviewing Existing Rules
Once an Advanced rule has been created, users are able to see these rules represented in the StackPath portal. From here, you can toggle the rule on or off from within the UI.