Rule-based filtering

Airlock Gateway provides a fine-grained filter mechanism for HTTP requests based on allow and deny rules.

Allow rules

Allow rules are a kind of allow list filter. They define which requests are allowed.

An HTTP request must meet two conditions in order to be allowed for further processing:

  • There must be at least one applicable allow rule.
  • Each applicable allow rule must be satisfied by the HTTP request.

An allow rule is applicable if the path of a request URL matches the configured path pattern.

An allow rule is satisfied by an HTTP request if it is applicable and the HTTP request satisfies all criteria defined by the allow rule.

During processing of an HTTP request, allow rules are applied first. Deny rules are only applied if the allow rules allow the request.

Deny rules

Deny rules establish a negative security model; they are also known as deny lists. Deny rules are processed as the first filtering stage after decoding and decryption.

Deny rules are organized in groups. Deny rules within a group cover certain aspects of attacks and define conditions for request attributes such as HTTP method, request parameters, or headers.

For a request to be blocked by a deny rule group, the following conditions must hold:

  • Any deny rule in the group must match. That is, matching states of deny rules within a group are combined by a logical OR operation.
  • A deny rule matches if all defined conditions match. That is, conditions within deny rules are combined with a logical AND operation.
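The evaluation logic described in the allow-rule and deny-rule sections above, modelled as an added example (this is not Airlock Gateway code or configuration syntax). It assumes a path pattern is a regular expression matched against the whole URL path and that criteria and conditions are predicates over a request dict; all rule contents, the group name and the sample request are constructed.

```python
import re
from dataclasses import dataclass, field

@dataclass
class AllowRule:
    path_pattern: str  # assumption: a regex matched against the whole URL path
    criteria: list = field(default_factory=list)  # predicates over the request dict

    def applicable(self, req):
        return re.fullmatch(self.path_pattern, req["path"]) is not None

    def satisfied(self, req):
        return self.applicable(req) and all(c(req) for c in self.criteria)

@dataclass
class DenyRule:
    conditions: list

    def matches(self, req):  # conditions inside one rule: logical AND
        return bool(self.conditions) and all(c(req) for c in self.conditions)

def evaluate(req, allow_rules, deny_groups):
    applicable = [r for r in allow_rules if r.applicable(req)]
    if not applicable:
        return "blocked: no applicable allow rule"
    if not all(r.satisfied(req) for r in applicable):
        return "blocked: applicable allow rule not satisfied"
    # Deny rules run only once the allow rules have let the request through.
    for name, rules in deny_groups.items():
        if any(rule.matches(req) for rule in rules):  # rules in a group: logical OR
            return f"blocked: deny rule group {name}"
    return "allowed"

# Constructed sample configuration (not Airlock's default rules).
ALLOW = [
    AllowRule(r"/shop/.*", [lambda r: r["method"] in ("GET", "POST")]),
    AllowRule(r"/shop/admin/.*", [lambda r: r["headers"].get("X-Internal") == "1"]),
]
DENY = {"sample-group": [
    DenyRule([lambda r: r["method"] == "POST",
              lambda r: any("<script" in v.lower() for v in r["params"].values())]),
    DenyRule([lambda r: "User-Agent" not in r["headers"]]),
]}

if __name__ == "__main__":
    admin = {"method": "GET", "path": "/shop/admin/users", "params": {}, "headers": {"User-Agent": "x"}}
    print(evaluate(admin, ALLOW, DENY))
```

The sample request matches both path patterns, so it is rejected even though the broader `/shop/.*` rule is satisfied: every applicable allow rule has to pass, not just one.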

Default deny rules

Airlock Gateway provides a set of default deny rule groups to protect against common attack scenarios. There are specific deny rule groups dealing with SQL injection or cross-site scripting (XSS) attacks, for instance. These default deny rule groups are identified by the "(default)" name prefix and have configurable security levels, one for blocking and one for additional logging. To see all rules belonging to a group, click on the group name or the expand icon on the right side of the group row to expand the view.