You can edit an allow rule by clicking on it in the list. To add a new rule, you click on the final entry in the list, which says New entry.
When creating a new allow rule, you must at least provide a unique rule name and a path pattern. For the other fields the default values work without a change. The comment field is optional and helps to document your allow rule.
You can use the patterns defined on the Filter patterns page to configure the patterns for HTTP method and Request content type. The default patterns used are not very restrictive and it is recommended to define your own patterns to restrict the set of allowed HTTP requests to your applications.
In the bottom section of the configuration page, you can create criteria for the parameters of the evaluated HTTP request. The evaluation logic for the parameters is similar to the overall logic of allow rules: You can specify parameter rules (one per line) that parameters must satisfy if the parameter is applicable for the parameter rule.
- For each parameter, the same two conditions apply:
- There must be at least one applicable parameter rule.
- Each applicable parameter rule must be satisfied by the parameter.
A parameter rule is applicable if the parameter name pattern matches the parameter name.
A parameter rule is satisfied by a parameter if the parameter value is matched by the parameter value pattern.
If there is no parameter rule, no parameters are allowed for the HTTP request. On the other hand, if there are some parameter rules marked as mandatory (Mand.), there must be at least one parameter present for which the parameter rule is applicable or the HTTP request does not satisfy the allow rule.