How to set up firewall rules?

To set up firewall rules, go to the ‘CDN’ > 'Enhanced security' > 'Firewall rules', then click the ‘Add rule’ button, and choose ‘Firewall rule’.

The following are the two simple steps to set up firewall rules.

Step 1: Set up firewall rule conditions

First, enter a rule name. Then you can specify the field, operator, and their corresponding values.

Field  Field value Operator  Operator value
Parameter in REQUEST/GET/POST Parameter name Check this article Parameter value
Any parameter in REQUEST/GET/POST n/a Check this article Parameter value
# of parameters in REQUEST/GET/POST Parameter value =, >=, >, < Integer
# of all parameters in REQUEST/GET/POST n/a =, >=, >, < Integer
Parameter name in REQUEST/GET/POST n/a Check this article Parameter name
# of parameter names in REQUEST n/a =, >=, >, < Integer
Method in REQUEST n/a Check this article Method
Header in REQUEST Header name Check this article Header value
Any header in REQUEST n/a Check this article Header value
# of header in REQUEST Header value =, >=, >, < Integer
# of all headers in REQUEST n/a =, >=, >, < Integer
Header name in REQUEST n/a Check this article Header name
URI in REQUEST w/ query string n/a Check this article URI value
URI in REQUEST w/ query string n/a Check this article URI value
Geo location n/a Include, exclude Country

Field and operator definitions:

  • REQUEST means request from any methods, i.e. it can be a GET request, POST request, PUT request, etc. 
  • GET (or POST) specifically means a GET (or POST) request (not just any request method).
  • = means equal, >= means not equal, > means greater than, and < means less than.
  • Include and exclude means what they meant, i.e to include and to exclude.

Field and operator value definitions:

  • Parameter is what comes after “?” in a URL. Given a parameter: color=blue, the parameter name is “color”, and the parameter value is “blue”.
  • Method means request method, e.g. GET, POST, PUT, DELETE, CONNECT, etc.
  • There are 3 kinds of headers: General headers, Request headers, and Response headers. Header name/value in REQUEST means, a header name/value on request header, e.g. header name: header value, host: developer.mozilla.org, user-agent: Mozilla/5.0, accept: application/xhtml+xml, etc.

You can add more conditions by pressing the ‘+’ button. You can also delete a condition by pressing the ‘Trash’ icon on the right hand side of the condition.

You can see the summary description of the conditions you created beside the ‘Hand pointer’ icon.

Step 2: Set up firewall rule actions

A specific action will be executed when the user request matches the condition/s you set above are met. 

You can set the specific actions by choosing one of the following: Block, Pass, Rate-Limit, Block & Redirect, and Challenge. 

  • Block: Mlytics will block the request when the condition/s are met.
  • Pass: Mlytics will allow the request to pass when the condition/s are met
  • Rate-Limit: Mlytics will initiate the rate-limit method when the condition/s are met. You can set the maximum allowed number of queries per minute, and the block time. The block time is the amount of time that queries will have to be blocked, if the queries exceed the maximum number of queries per minute. 
  • Block & Redirect: Mlytics will block and redirect the request when the conditions are met. You can set the redirect status (30x), and the link which is the URL where you want to redirect the request to.
  • Challenge: Mlytics will initiate the challenge method when the condition/s are met. You can set the challenge mode and the challenge passage. Challenge passage means the time it takes before a user will has to be challenged again, while challenge mode can have:
    • Browser-based (no delay): will initiate a JS challenge, which will trace whether the request was sent by a bot or not, before performing the request.
    • Browser-based (standard): will initiate a JS challenge, which will redirect the request to a timer page set for 5 seconds, before performing the request.
    • Human-based: will initiate a CAPTCHA challenge, which redirects the request to a test page where users have to take the “I am not a robot” test, before performing the request.

After you finish setting the conditions and action, click the ‘Create’ button to create the firewall rule.