Adding a Response Control Rule to a Web Application Firewall Policy

Specify the prerequisite conditions that must be met for the rule action to occur. The parameters displayed can vary depending on the values that you select for Condition type and Operator. Select + Another condition to add another condition linked to the first one using AND. Select X to delete the associated condition row.

(Optional) Enable Show basic controls to specify a condition in the box using the condition syntax. See Understanding Conditions.

Select an existing rule from the Action name list to follow when the preceding conditions are met.

• Preconfigured check action: Allows the running of rules and generates a log message that documents the result.
• Preconfigured allow action: Skips all remaining rules in the current module.
• Preconfigured 401 response code action: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that's returned when this action is run.

  For more information, see Actions for Web Application Firewalls.

To add an action, select Create new action. Enter the following information:

• Name: Enter the name of the action.
• Type: Select one of the following options:
  • Check: Allows the running of rules and generates a log message documenting the result.
  • Allow: Skips all remaining rules in the current module.
  • Return HTTP response: Returns a defined HTTP response. The response code configuration (headers and response page body) determines the HTTP response that's returned when this action is run.
    • Select Headers to display the HTTP response headers specified in the selected Return HTTP response action.
    • Select Response page body to display the HTTP response body specified in the selected "Return HTTP response" action.

      For more information, see Actions for Web Application Firewalls.

  Select Add action.

Select Add response access rule.

The response access rule you created appears in the Response access rules list.