Dell SonicWall SRA 4200 Administrator's Manual page 263

Sra 6.0

Step 5  In the Description field, type a short description of what the rule chain will match or other information.
Step 6  Select a category for this threat type from the Category drop-down list. This field is for informational purposes, and does not change the way the rule chain is applied.
Step 7  Under Counter Settings, to enable tracking the rate at which the rule chain is being matched and to configure rate limiting, select the Enable Hit Counters check box. Additional fields are displayed.
Step 8  In the Max Allowed Hits field, enter the number of matches for this rule chain that must occur before the selected action is triggered.
Step 9  In the Reset Hit Counter Period field, enter the number of seconds allowed to reach the Max Allowed Hits number. If Max Allowed Hits is not reached within this time period, the selected action is not triggered and the hits counter is reset to zero.
Step 10  Select the Track Per Remote Address check box to enforce rate limiting against rule chain matches coming from the same IP address. Tracking per remote address uses the remote address as seen by the SRA appliance. This covers the case where different clients sit behind a firewall with NAT enabled, causing them to effectively send packets with the same source IP.
Step 11  Select the Track Per Session check box to enable rate limiting based on an attacker's browser session. This method sets a cookie for each browser session. Tracking by user session is not as effective as tracking by remote IP if the attacker initiates a new user session for each attack.
Step 12  Click Accept to save the rule chain. A Rule Chain ID is automatically generated.
Step 13  Next, add one or more rules to the rule chain. See "Configuring Rules in a Rule Chain" on page 265 for detailed information.
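
The following added example (not from the manual and not SonicWall code) models the Counter Settings from Steps 7 to 11 so the effect of each tracking choice can be compared on the same traffic. It assumes one tracking mode at a time, a period that starts at the first match, and an action that triggers once the count reaches Max Allowed Hits; the class, function and sample values are hypothetical.

```python
from dataclasses import dataclass, field


@dataclass
class HitCounter:
    """Model of the Counter Settings fields (assumed semantics, not appliance code)."""
    max_allowed_hits: int           # "Max Allowed Hits"
    reset_period: float             # "Reset Hit Counter Period", in seconds
    track: str = "global"           # "global", "remote_address" or "session"
    _state: dict = field(default_factory=dict)  # key -> (period_start, hits)

    def _key(self, remote_addr, session_id):
        if self.track == "remote_address":
            return remote_addr      # address as seen by the appliance (after NAT)
        if self.track == "session":
            return session_id       # value of the per-browser-session cookie
        return None                 # one shared counter for the whole rule chain

    def match(self, now, remote_addr, session_id):
        """Record one rule chain match; return True if the action triggers."""
        key = self._key(remote_addr, session_id)
        start, hits = self._state.get(key, (now, 0))
        if now - start >= self.reset_period:
            start, hits = now, 0    # period elapsed: counter is reset to zero
        hits += 1
        self._state[key] = (start, hits)
        return hits >= self.max_allowed_hits


def replay(counter, events):
    """Return the indexes of the events on which the action triggered."""
    return [i for i, (t, addr, sid) in enumerate(events)
            if counter.match(t, addr, sid)]


# Constructed sample matches: (seconds, remote address, session cookie).
# 203.0.113.7 is a NAT address shared by two clients (sessions s-a and s-b);
# the client at 198.51.100.9 presents a new session cookie on every request.
EVENTS = [
    (0, "203.0.113.7", "s-a"), (1, "203.0.113.7", "s-b"),
    (2, "203.0.113.7", "s-a"), (3, "198.51.100.9", "s-1"),
    (4, "198.51.100.9", "s-2"), (5, "198.51.100.9", "s-3"),
    (70, "203.0.113.7", "s-a"),
]

if __name__ == "__main__":
    for mode in ("remote_address", "session", "global"):
        hc = HitCounter(max_allowed_hits=3, reset_period=60, track=mode)
        print(mode, replay(hc, EVENTS))
```

With Max Allowed Hits 3 and a 60-second period, per-address tracking triggers on the third match from each address (the two NAT clients share one counter), while per-session tracking never triggers on this traffic because no single cookie reaches three matches inside one period.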
Cloning a Rule Chain
To clone a rule chain:
Step 1  On the Web Application Firewall > Rules page, click its Clone Rule Chain icon under Configure.
Step 2  Click OK in the confirmation dialog box.
You can now edit the rule chain to customize it. See "Adding or Editing a Rule Chain" on page 262.
Deleting a Rule Chain
Note Deleting a rule chain also deletes all the associated rules.
To delete a rule chain:
Step 1  On the Web Application Firewall > Rules page, click the Delete Rule Chain icon under Configure for the rule chain you want to delete.
Step 2  Click OK in the confirmation dialog box.
Step 3  Click Accept.
The Disabled option allows you to temporarily deactivate a rule chain without deleting its
configuration.
Web Application Firewall Configuration | 263
