Deny rules
Basic concepts: Deny rules

Deny rules establish a negative security model, they are also known as black lists.

They are organized in groups, where each group cover certain aspects of attacks and define conditions for request attributes such as HTTP method, request parameters or headers.

For a request to be blocked by a deny rule group, the following conditions must hold:

  • Any deny rule in the group must match.
    That is, matching states of deny rules within a group are combined by a logical OR operation.
  • A deny rule matches if all defined conditions match.
    That is, conditions within deny rules are combined with a logical AND operation.

Default deny rules

Airlock Microgateway provides a set of default deny rule groups to protect against common attack scenarios. For example, there are specific deny rule groups dealing with SQL injection or Cross-site scripting (XSS) attacks. These default deny rule groups are identified by the "(default)" name prefix and have a configurable security level.

Filtering JSON attributes

Airlock Microgateway automatically generates parameters from JSON objects. These JSON parameters are treated like parameters in GET or POST requests. For details please refer to the JSON filtering page.