KB: 1054

How Whitelist rule allows to add exceptions on existing rules (custom and managed)?

Problem Statement

The client wants to list granting only programs, IP, and email addresses access to the network, which is approved by the administrator. It blocks something that is not on the list.

Solution

Steps to Solve:-

The client can achieve the above requirement by utilizing the Whitelist Rule feature of the WAF.

1. Login into Haltdos console.

2. Client have to firstly create form rule to achieve the above requirement. Go to Apps > WAF > Listener > Profile > Profile default setting > Profile Rule > Rate Limit Rule > Add Rule > Save Changes.

3. Open the listener in the browser.

As we can see that from above picture the request has been blocked because we specify values or a range of values for various form fields of a web application form.

4. Go to Apps > WAF > Listener > Profile > Profile default setting > Profile Rule > Whitelist rule > Add rule > Configure Rule > Save changes

NOTE:- In above picture there is one option of custom rule id means ID that client assign the Rule.In whitelist rule we use custom rule id for whitelisted the rule so that action against that request will be allowed.In above rule detail client have to fill the custom rule id and they can get the custom id from existing rule "form rule".

5. Open the listener in the browser.

As we can see that from above picture client had made a form rule (in step 2) and it has dropping the request but with the help of whitelist rule client had whitelisted the existing form rule so that against that request will be allowed.