Skip to main content
Using custom rules is a great way to ensure a thorough assessment and filtering of web requests. You can control access to specific URLs, limit access to your application, allow or block countries or organizations, and adjust WAAP behavior to a variety of use cases.
TipIf you only want to create Access control lists (ACL), check our Allowed IPs and Blocked IPs guide.
You can create the following types of custom rules:
  • WAAP rules consist of two key elements: rule type that defines the conditions for matching a rule and an action that will be enforced when the rule is triggered.
  • Rate limit rules allow you to set the limit for the number of requests allowed within a particular time range.
  • Tag rules contain tags, which are added to existing rules and function as identifiers for monitoring and analytics purposes. You can also create custom rules based on tags.

Actions in Custom Rules

Rule actions are triggered based on the conditions you specify. If you create multiple rules with the same conditions, then only the action with the highest priority level will take place. For example, you’ve created a rule that allows all requests from 1.1.1.1 to access your application, and then you added another rule to present a captcha response page to 1.1.1.1. In this situation, only the Allow action will be triggered because it has a higher priority level than the CAPTCHA action. The following table features all rule actions along with their priority levels.
TipThe Tag action doesn’t challenge requests. Thus, it has no assigned priority level.

Rule conditions

When creating a rule, it’s important to choose a proper type of condition that defines when the rule will be triggered. The following table features the available custom rule conditions.