Firewall Rules Management

Current Service Status

The Firewall Rules feature is fully operational and available for all VNIS domains. Users can create, modify, and manage custom firewall rules in real-time with immediate effect on incoming traffic.

Quick Start

  1. Access firewall rules: Navigate to Origin Shield > Firewall rules and select your domain
  2. Create a new rule: Click Add rule and define your rule name and filtering conditions (URI, Header, Method, etc.)
  3. Configure action: Choose the appropriate action (Block, Pass, Rate-limit, Redirect, or Challenge) with any required parameters
  4. Save and enable: Click Create to save the rule and ensure it's enabled to start filtering traffic

Overview

The Firewall Rules feature allows users to set up and manage custom firewall rules for each domain. When a request matches the conditions of a rule, the system applies that rule's action: block, pass, rate-limit, redirect, or apply a security challenge.

Rules List Interface

The firewall rules list includes the following information:

  • Action: Action when conditions are matched (Block, Pass, etc.).

  • ID: Unique identifier of the rule.

  • Rule Name: User-defined rule name.

  • Field: Location where conditions are applied (e.g., Header, URI, Method, etc.).

  • Enable: Allows enabling/disabling individual rules independently.

  • Edit/Delete Functions:

    • Pen icon: Opens detailed rule editing interface.
    • Trash icon: Removes rule from the system.

Enable/Disable Rules

  • Toggle the Enable switch to activate or pause rules.
  • The system will only execute rules that are in enabled status.

Edit and Delete Rules

  • Click the pen icon to edit rule content, conditions, or actions.
  • Click the trash icon to permanently delete rules from the list.

Execution Order Arrangement

The order of rules affects how requests are processed. The system evaluates rules from top to bottom, so rules positioned higher in the list have higher priority.

To rearrange rule order:

  1. Click the Reorder button in the rules list interface.
  2. Drag and drop each row to change the order.
  3. After completion, click the Reorder button to save the new positions.

Rules placed at the top of the list will have the highest priority during processing.

Firewall Rules Setup

The VNIS system allows setting up firewall rules to control and process incoming HTTP requests based on custom conditions configured by users. These rules can be used to block, allow, rate-limit, or require access authentication.

To set up rules, access Origin Shield > Firewall rules, then select the domain to configure from the domain management area.

Click the Add rule button to create a new rule. The setup process includes two main steps:


Step 1: Configure Rule Application Conditions

In the creation interface, you need to enter the rule name and set up checking conditions including:

  • Field: Data field to filter (URI, Header, Method, etc.)
  • Operator: Condition comparison operator
  • Value: Specific value used for comparison

The system will apply the corresponding action if the request matches all declared conditions.

A rule can include multiple conditions. Use the '+' button to add or the trash icon to delete conditions.

Examples of supported data fields:

| Field | Filter Value | Operator | Value |
|---|---|---|---|
| Parameter in REQUEST/GET/POST | Parameter name | =, !=, contains, regex... | Parameter value |
| Any parameter in REQUEST/GET/POST | n/a | (same as above) | Parameter value |
| Header in REQUEST | Header name | =, !=, regex... | Header value |
| URI in REQUEST (with/without query) | n/a | =, contains, start-with, regex... | URI path |
| Method in REQUEST | n/a | = | GET, POST, PUT, DELETE... |
| Geo location | n/a | Include, Exclude | Country name |

Step 2: Configure Actions When Conditions Are Met

After setting up conditions, you need to choose the corresponding action that the system will execute:

| Action | Description |
|---|---|
| Block | Block the request immediately. |
| Pass | Allow the request to pass without additional checking. |
| Rate-Limit | Apply access frequency limits. Additional configuration: number of requests/minute and block time if threshold exceeded. |
| Block & Redirect | Block the request and redirect to another URL. Additional configuration: HTTP status code (30x) and redirect link. |
| Challenge | Require user authentication via browser. Configurable options are listed below. |

Challenge options:

  • Challenge passage: time before challenging again
  • Challenge mode:

    • Browser-based (no delay) – JavaScript check without delay
    • Browser-based (standard) – JavaScript check with 5-second delay
    • Human-based – CAPTCHA "I am not a robot"

After completing the setup steps, click Create to save and apply the rule to the system.
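
The following Python sketch is an added example, not VNIS code. It models the behaviour described above (enabled rules only, all conditions must match, top-to-bottom order) to show how a broad Pass rule placed above a narrower Block rule keeps the Block from ever firing. It assumes the first matching rule decides the request and that unmatched requests pass; the rule names, paths and the `shadowed` helper are hypothetical.

```python
import re
from dataclasses import dataclass
# Operators named in the page's table; exact matching semantics are assumed.
OPS = {
    "=": lambda actual, want: actual == want,
    "!=": lambda actual, want: actual != want,
    "contains": lambda actual, want: want in actual,
    "start-with": lambda actual, want: actual.startswith(want),
    "regex": lambda actual, want: re.search(want, actual) is not None,
}

@dataclass
class Rule:
    name: str
    conditions: list      # (field, operator, value) tuples, all must match
    action: str
    enabled: bool = True

def matches(rule, request):
    return all(OPS[op](request.get(field, ""), value)
               for field, op, value in rule.conditions)

def evaluate(rules, request, default="Pass"):
    # Top to bottom, disabled rules skipped; first match decides (assumption).
    for rule in rules:
        if rule.enabled and matches(rule, request):
            return rule.action, rule.name
    return default, None  # no-match behaviour is assumed, not from the page

def shadowed(rules, samples):
    # Enabled rules that match a sample but always lose to a rule higher up.
    hit, won = set(), set()
    for req in samples:
        won.add(evaluate(rules, req)[1])
        hit.update(r.name for r in rules if r.enabled and matches(r, req))
    return sorted(hit - won)

# Constructed rules and requests; names and paths are hypothetical.
RULES = [
    Rule("allow-api", [("URI", "start-with", "/api/")], "Pass"),
    Rule("block-api-delete",
         [("URI", "start-with", "/api/"), ("Method", "=", "DELETE")], "Block"),
    Rule("challenge-login", [("URI", "=", "/login")], "Challenge"),
]
SAMPLES = [
    {"URI": "/api/users/7", "Method": "DELETE"},
    {"URI": "/api/users", "Method": "GET"},
    {"URI": "/login", "Method": "POST"},
]
```

Calling `shadowed(RULES, SAMPLES)` on the order shown reports `block-api-delete`; moving that rule above `allow-api` clears the report.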

Getting Support

For assistance with firewall rules configuration:

  • Technical Support: Contact our support team for help with complex rule configurations or troubleshooting
  • Documentation: Refer to the OWASP documentation for security best practices when creating custom rules
  • Best Practices: Test rules in simulation mode before enabling them in production to avoid blocking legitimate traffic
  • Performance Impact: Monitor your origin server performance when implementing rate-limiting rules with high thresholds