How to create WAAS Inline custom rule to block or allow specific paths and a default block rule
3874
Created On 04/07/23 06:46 AM - Last Modified 09/26/24 18:23 PM
Objective
WAAS In-Line custom rules with below requirements. (Applicable for both Containers and Hosts)
1. Configure a general Custom block rule that blocks all paths.
2. Configure specific Custom allow rule to allow specific paths.
Note : This is just an example guide. More complex patterns and numerous other options are available.
Refer the WAAS custom rules config guide for more examples.
Consider
http://abcd.com/home.html >>> valid path to be allowed
http://abcd.com/malicious.html >> Path that needs to be blocked
Environment
Prisma Cloud Compute Edition
WAAS In line for Containers and Hosts
Procedure
1. Configure in-line WAAS policy either for Host or Container.
2. Under Custom rules Click on Add Rule
3. Configure a Block All rule and use the below pattern match.
req.path contains "/"
4. Save the Rule and create another rule to Allow home.html
req.path contains "/home.html"
5. Make sure Action Prevent is selected for Block rule and Allow is selected for Allow rule.
Save the rule and then test the application.
1. http://abcd.com/malicious.html should now be blocked with a block page showing up as below.
2. http://abcd.com/home.html should be allowed as expected.
3. In fact all other paths other than http://abcd.com/home.html should be blocked.
Additional Information
The Prevent or Alert Events generated due the Custom rule can be viewed under
Monitor > Events > Attack Type > Custom Rule
When the count is clicked further details regarding each alert can be seen.