Working with templated rules

IMPORTANT

This guide only applies to the Premier and Professional platforms. If you are on the Essentials platform, check out our Working with signals on the Essentials platform guide.

Templated rules are partially pre-constructed rules that can help you protect against Common Vulnerabilities and Exposures (CVE) and gain visibility into registrations, logins, and API requests. For example, you can enable the GraphQL API Query templated rule to track GraphQL API requests.

Types of templated rules

There are three types of templated rules.

Virtual patching rules

Virtual patching rules block or log requests matching specific vulnerabilities. These can be configured to send an alert after a threshold of matching requests. New virtual patching rules are announced through an optional email subscription. You can subscribe to virtual patching announcements in your account settings.

API protection rules

API protection rules tag requests made to your API, allowing you to detect patterns such as repeated API requests from an unexpected user agent. API Protection signals are informational, so only certain requests tagged with these signals will appear in the requests page of the control panel. See Storage categories for additional details.

NOTE

To use the GraphQL API Query templated rule, your agents must be on version 4.33.0 or above.

ATO protection rules

ATO protection rules enable you to quickly create rules to identify account takeover (ATO) attacks, such as failed password reset attempts. With the exception of the Login and Registration groups of signals, ATO Protection signals are informational, so only certain requests tagged with these signals will appear in the requests page of the control panel. See Storage categories for additional details.

Enabling and editing templated rules

To enable and edit templated rules, complete the following steps:

IMPORTANT

The Templated Rules page is only included with the Premier and Professional platforms. It is not included as part of the Essential platform.

  1. Log in to the Next-Gen WAF control panel.
  2. From the Sites menu, select a site if you have more than one site.
  3. From the Site Rules menu, select Templated Rules.

  4. Click View to the right of the rule you want to enable or edit.

  5. Click Configure in the upper-right corner to enable or edit the rule.

  6. In the condition-related fields, enter values specific to your application, such as paths, response codes, and headers. It is possible to add, edit, and remove conditions in the rule as necessary for your application.

  7. (Optional) If the Configure thresholds and actions section is available, select the action that should be taken (e.g., block or log).

    When configuring failure-based rules (e.g., Login Failure), you can also optionally define the:

    • threshold, the parameters that define how often an individual client can send requests that meet the rule's conditions before action is taken.
    • duration, the amount of time the action will occur.
    • notifications, whether notification should be sent via your site (also known as workspace) integrations.
  8. Click Update Rule or Update Site Rule.

Was this guide helpful?

Do not use this form to send sensitive information. If you need assistance, contact support. This form is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.