Actions for Web Application Firewalls
Learn how to add and manage actions for web application firewall policies.
Actions are objects that represent one of the following:
- Allow: An action that, upon matching a rule, skips all remaining rules in the current module.
- Check: An action that does not stop the execution of rules in the current module. Instead, it generates a log message documenting the result of rule execution.
- Return HTTP response: An action that terminates all further processing of an HTTP request or HTTP response and returns a predefined HTTP response that can be configured in the action definition.
When this action is run in an HTTP request rule, it prevents the HTTP request from being forwarded to a backend. Instead of returning the HTTP response from the backend, the HTTP response that was defined in the action is returned. This action is typically used to block HTTP requests matching specific criteria. When this action is run in an HTTP response rule, it prevents the original HTTP response from the backend from being sent back to the client. Instead, the HTTP response is replaced by the one defined in the action.
For this action, you can add details for the response page body, such as cause and further instructions. You can also enable Dynamic text support to add the RequestID variable in the page body. The request ID can help you with tracking and managing a request by providing a unique request identifier exposed in HTTP request and response headers.
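The following Python model shows how the three action types change rule evaluation within one module. It is an added illustration, not the product's own code: the `Action` and `Rule` classes, the `${RequestID}` placeholder syntax, and the sample rules and addresses are assumptions constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable

@dataclass
class Action:
    kind: str          # "ALLOW", "CHECK" or "RETURN_HTTP_RESPONSE"
    status: int = 403  # used only by RETURN_HTTP_RESPONSE
    body: str = ""     # may contain the assumed ${RequestID} placeholder

@dataclass
class Rule:
    name: str
    matches: Callable[[dict], bool]
    action: Action

def run_module(rules, request, log):
    """Evaluate rules in order. Return a response dict when the request is
    terminated, or None when it passes this module."""
    for rule in rules:
        if not rule.matches(request):
            continue
        kind = rule.action.kind
        if kind == "CHECK":
            # Check: record the match and keep evaluating later rules.
            log.append(f"check rule={rule.name} request_id={request['id']}")
        elif kind == "ALLOW":
            # Allow: skip every remaining rule in this module.
            return None
        elif kind == "RETURN_HTTP_RESPONSE":
            # Return HTTP response: stop processing, answer with the predefined
            # page, and substitute the request ID into the body.
            body = rule.action.body.replace("${RequestID}", request["id"])
            return {"status": rule.action.status, "body": body}
    return None

# Constructed sample policy: log admin access, allow one address, block the rest.
BLOCK = Action("RETURN_HTTP_RESPONSE", 403,
               "Request blocked. Quote ID ${RequestID} to support.")
RULES = [
    Rule("log-admin", lambda r: r["path"].startswith("/admin"), Action("CHECK")),
    Rule("allow-office", lambda r: r["ip"] == "192.0.2.10", Action("ALLOW")),
    Rule("block-admin", lambda r: r["path"].startswith("/admin"), BLOCK),
]

def evaluate(path, ip, request_id):
    """Run the sample policy; return (response or None, log lines)."""
    log = []
    request = {"path": path, "ip": ip, "id": request_id}
    return run_module(RULES, request, log), log
```

A request from the allowed address never reaches `block-admin`, which is why an Allow rule placed ahead of a blocking rule needs a narrow match condition.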
Access the Actions list in the WAF Policies page under Resources. Here you can view all existing actions, their types, and how frequently they are used as part of a rule. The Actions list contains the Manage Action function that allows you to add and delete actions.
You can perform the following action management tasks: