The BASIC > Services page allows you to create content rules for a Service. Rules added to the Service allow content-aware processing decisions for Web traffic within that Service. Rules can use HTTP request headers to make load balancing and caching policy decisions. The type of challenge to be presented to the incoming clients for validation can be enabled when you edit a content rule on the BASIC > Services page.
To add a content rule to a Service:
- On the BASIC > Services page in the Services section, locate the Service you want to add a content rule to.
- Click Rule next to the Service. The Add Content Rule window appears.
- Specify values for the following fields:
  - Rule Group Name – Name to identify this rule group.
  - Status – Set to On to make this rule group part of the rule match.
  - Mode – By default, a Service is set to Passive mode, which logs intrusions but still passes them to the servers, so that the logs can help refine the security policy. Set to Active to log and block intrusions. The Active mode enforces the policy according to the Action Policy defined for the violation group on the SECURITY POLICIES > Action Policy page.
    - Active – Blocks any request when an anomaly or intrusion is observed.
    - Passive – Logs all anomalies and intrusions found and allows the traffic to pass through the Barracuda Web Application Firewall. Use this mode in the initial stages of deployment, when you cannot afford to have any false positives which may break the Service.
  - Access Log – Set to Enable to allow access logs to be generated for a Service.
  - Host Match – Enter the matching criterion for the host field in the Request Header. This is either a specific host match or a wildcard host match with a single " * " anywhere in the host name. Specify * if you want the rule to be matched with any host. If the Service hosts multiple applications under different domains and you wish to add the rule only for a particular domain, enter the relevant host name, such as www.example.com or *.example.com.
  - URL Match – Enter the matching criterion for the URL field in the Request Header. The URL should start with a "/" and can have only one " * " anywhere in the URL. A value of /* means that the ACL applies to all URLs in that domain. (Example: /*, /index.html, /public/index.html)
  - Extended Match – Enter an expression that consists of a combination of HTTP headers and/or query string parameters. Use '*' to match any request, that is, to apply no Extended Match condition. Refer to Extended Match Syntax Help to find out how to write extended match expressions.
  - Extended Match Sequence – Specify a number that determines the order in which the extended match rule is evaluated. The order range is 1 to 1000 (default is 1000).
- Click Add.
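Before entering a rule, it can help to check the planned values against the field constraints above and to see which requests the Host Match and URL Match pair would cover. The following is an added example, not Barracuda code: the names `ContentRule`, `validate`, `wildcard_match` and `covers` are hypothetical, and it assumes that " * " stands for any run of characters, that host comparison ignores case, and that the host is given without a port.

```python
from typing import NamedTuple

class ContentRule(NamedTuple):
    name: str
    host_match: str
    url_match: str
    sequence: int = 1000      # Extended Match Sequence, default from the page
    mode: str = "Passive"     # default mode from the page

def validate(rule):
    """Return a list of problems; empty when the fields meet the documented constraints."""
    problems = []
    if not rule.name:
        problems.append("Rule Group Name is empty")
    if not rule.host_match or rule.host_match.count("*") > 1:
        problems.append("Host Match must be a host name with at most one '*'")
    if not rule.url_match.startswith("/"):
        problems.append("URL Match must start with '/'")
    if rule.url_match.count("*") > 1:
        problems.append("URL Match can have only one '*'")
    if not 1 <= rule.sequence <= 1000:
        problems.append("Extended Match Sequence must be 1 to 1000")
    if rule.mode not in ("Active", "Passive"):
        problems.append("Mode must be Active or Passive")
    return problems

def wildcard_match(pattern, value, ignore_case=False):
    """Match a pattern with at most one '*' (assumed: '*' is any run of characters)."""
    if ignore_case:
        pattern, value = pattern.lower(), value.lower()
    if "*" not in pattern:
        return pattern == value
    prefix, suffix = pattern.split("*", 1)
    return (len(value) >= len(prefix) + len(suffix)
            and value.startswith(prefix) and value.endswith(suffix))

def covers(rule, host, path):
    """True if the Host header and URL path both fall under the rule's match fields."""
    return (wildcard_match(rule.host_match, host, ignore_case=True)
            and wildcard_match(rule.url_match, path))

if __name__ == "__main__":
    rule = ContentRule("admin-area", "*.example.com", "/admin/*")  # constructed sample
    print(validate(rule))
    for host, path in [("www.example.com", "/admin/login"), ("example.com", "/admin/login")]:
        print(host, path, covers(rule, host, path))
```

Under these assumptions, a rule for *.example.com does not cover the bare host example.com, so check every host name the Service answers for before switching a rule to Active.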