Manage Custom Firewall Rules
- Select a website from the drop-down at top-left
- Choose 'Firewall'
The firewall page lets you construct custom rules to block, allow, monitor, or challenge specific types of traffic.
You can create custom rules for specific IPs, IP ranges, countries, organizations, and more.
Each rule can have multiple conditions. For example, you can configure a rule to block traffic from a specific IP in a certain country.
Messages are shown to site visitors for actions such as 'block' and 'captcha'.
Important - The firewall prioritizes rules by action type. It does not use a 'ladder' system whereby rules are prioritized by their position in the list. Action priority is as follows:
1. Monitor
2. Allow
3. Block
4. Captcha
… so in the event of a conflict, 'Monitor' rules overrule 'Allow' rules, which in turn overrule 'Block' rules and so on.
For example, suppose a piece of traffic is covered by three separate rules:
- Rule A - 'Block' the traffic based on
country
- Rule B - 'Allow' the traffic based on URL
- Rule C - Show 'Captcha' based on
content type
The traffic is allowed as allow rules supersede block and captcha rules.
Open Firewall Rules interface
- Open the cWatch dashboard
- Select the target website from the menu at top-left
- Click the 'Firewall' tab
- Or click the hamburger button and select 'Firewall'
|
Custom WAF Rules - Column Descriptions |
||||||||||
|---|---|---|---|---|---|---|---|---|---|---|
|
Column Header |
Description |
|||||||||
|
Rule ID |
An auto–generatedidentity number for each rule. |
|||||||||
|
Rule Name |
The label of the rule. |
|||||||||
|
Type |
The origin category targeted by the rule. For example IP, country, content type, organization. |
|||||||||
|
Details |
Specific items within the chosen category. For example, if 'Country' is the 'Type', this column shows the |
|||||||||
|
Action |
The process the firewall will execute on the target if rule conditions are met. Possible values are:
|
|||||||||
|
Buttons |
|
|||||||||
The 'Firewall' interface allows you to:
- Select the target website from the menu at top-left
- Click the 'Firewall' tab
- Or click the hamburger button and select 'Firewall'
- Click 'Add New Rule' at the top right
- Condition 'If' – Choose the source of the traffic:
- IP – Enter a specific IP
- IP Range – Enter an IP range. For example, 192.168.2.1,192.168.255
- URL - Enter the name of the domain you want to specify for the condition, in part or full.
- The rule will apply for traffic from all domains whose domain name partially matches with the value entered here.
- Select 'Exact Match' if you have entered the domain name in full. The rule will only apply to requests from the specific domain.
- User Agent - Client software. For example, a browser, mail client or crawler which makes a request to the website. You need to enter the string to identify the client.
- You can view a list of user agent strings at http://www.useragentstring.com/pages/useragentstring.php
- For example, The string for Firefox 64.0 is 'Mozilla/5.0 (X11; Linux i686; rv:64.0) Gecko/20100101 Firefox/64.0'
- Select 'Exact Match' if you have entered the string in full. The rule will only apply to requests from the specific version of the user-agent.
- Header – The HTTP header field.
- HTTP Method – Options are: Post, Get, Head, Put, Delete, Patch and Options.
- File Type / Extension – Enter the file type / extension parameter. For example – pdf. exe
- Content Type - Enter the content type. For example: application/json
- Country - Select a country from the drop–down
- Organization - Name of the entity with whom the IP is registered. For example, Google, Amazon, Facebook and so on. So, if you enter Amazon, all IPs registered by Amazon will apply for the condition.
- Duplicate the condition. The duplicate condition is shown underneath the original, ready for you to modify as required.
- Add Condition - Create another criteria for the action. Conditions are always 'And', so all conditions must be satisfied before the selected action is implemented.
- Action – Choose how the traffic or access request from the selected source should be dealt with. The available options are:
- Allow - All traffic from the country is permitted. This includes legitimate traffic, bots etc.
- Block - No traffic is allowed from the country. An error message is shown to users.
- Monitor - Traffic from the country is logged. This action is particularly useful for testing out potential 'Captcha' and 'Block' rules. You can discover what traffic is affected before setting up a rule that might negatively impact customers.
- Captcha - Shows an interactive test that allows visitors to prove they are human.Users need to pass the test to access the website. Captcha images are generated randomly.
- Click 'Save' to add the new rule.
- Select the target website from the menu at top-left
- Click the 'Firewall' tab
- Or click the hamburger button and select 'Firewall'
- Click the
icon beside the rule to be edited
- The 'Edit Rule' dialog is similar to the 'Add Rule' dialog
- See the explanation above for the description of parameters
- Edit the parameters and conditions and click Save for the changes to take
effect
Any new custom firewall rule is enabled by default when added. Rules that need not be triggered can be disabled temporarily and can be enabled when required.
- Select the target website from the menu at top-left
- Click the 'Firewall' tab
- Or click the hamburger button and select 'Firewall'
Use the 
switch beside the rule to enable or disable it.
Custom firewall rules that are no longer needed can be removed from the website.
- Select the target website from the menu at top-left
- Click the 'Firewall' tab
- Or click the hamburger button and select 'Firewall'
- Click the
icon beside the rule to be edited
- Enter the label of the rule in the confirmation dialog and click 'Delete Rule'