HAProxy ALOHA Documentation 15.5

Rule Customization

The Advanced WAF is implemented using the following different types of rules:

Type

Description

MainRule

These rules define conditions that may indicate a suspicious request. They also specify the threat score that should be allocated to such a request. A request can match multiple MainRule rules, increasing its threat score with each match.

BasicRule

These rules specify allowlist conditions for safe requests, called false positives, that would otherwise be flagged as suspicious by violating a MainRule.

CheckRule

These rules define the thresholds for threat scores. There is a separate threshold for each type of threat. When a request threat score exceeds the threshold, some designated action may be performed, such as blocking or reporting the request.

Learn how to customize the Advanced WAF rules:

Add a rule

Add a MainRule rule to define suspicious patterns.

Disable a rule

Add a BasicRule rule to disable a MainRule rule within a specific context.

Set score thresholds

Set score thresholds for violation categories.

Configure custom core rules

Load a built-in custom rule set


Next up

Add a rule