Blocking levels

A blocking level represents a set of deny rules with different filter strengths. The blocking level is separately adjustable for each group on the Deny Rule tab of mappings. The overview on the global deny rule page (Application Firewall >> Deny Rules) indicates which deny rule is associated with which blocking levels. It is possible to adjust filter strength individually per attack type and mapping with a single click using blocking levels.

To change the blocking level on many groups and mappings at once, use the corresponding bulk operations on the reverse-proxy view.

Rules in level Basic focus on a low false-positive rate, simplifying the integration of applications. Note, however, that certain attack variants may not be covered.

• Indications for using level Basic:
• If level Standard requires too many exceptions.
• Application access is protected by upstream authentication.

Level Standard is the default setting on new mappings. It provides strong filters and a low false-positive rate. Exceptions may be required for input fields containing syntactical elements similar to JavaScript or SQL.

• Indications for using level Standard:
• The application is complex or dynamic.
• The application uses many input fields with unrestricted input values, e.g., free texts or comments.
• Application access is protected by upstream authentication.
• If level Strict requires too many exceptions.

Level Strict focuses on blocking many potential attack variants. This level is recommended for very sensitive applications and typically requires some integration effort.

• Indications for using level Strict:
• Login pages and other critical pages are exposed directly to the Internet without upstream authentication.
• The application is rather simple.
• Application data is very sensitive (high risk).
• Low code quality of an application.

Allows enabling/disabling of all rules in the group individually.