Published 13 days ago
selenium
Updated 2 months ago
0
I would like to see a more versatile mechanism for customizable protection rule setup.
1. Rules ordering. Assume lots of deny rules and allow rules; it would be better to order these rules as desired, with no need for the current explicit lists by rule type, for more precise access control. Similar to the Cloudflare implementation. Build a chain of custom rules, evaluate rules in order until a custom rule hits, then decide what further action to take as defined by the custom rule: allow, deny, challenge, auth, pass down to further scrutiny by built-in/managed rules, etc. For my use case, because SafeLine blocks Git over HTTP by default, I add a custom rule to regex match the Git UA string to allow Git operations. Although there are already default rules for blocking malicious IPs, defining such an Allow rule, without a clearly documented or desired order of rule evaluation, can be another spot of vulnerability, bypassing the rest of the protection under SafeLine's current WAF implementation.
2. Selectively bypass selected built-in/managed rules while preserving other types of scrutiny in custom protection rule setup. Sometimes an HTTP request can look suspicious or be similar to an attack while it actually is not, especially when internally exchanging large amounts of sensitive information in headers, query parameters or body payloads, e.g. internal communications among Gitea/Gogs/GitLab/Jenkins/S3/OIDC and many others are wrongly blocked by SafeLine until I manually add Allow rules.
3. Allow modification/deletion of the default protection rules for Search Engine Spider and Malicious IP. I don't want search engines to index and crawl my private site.
4. More match target options in rule setup, e.g. is it possible to block IP by ASN?
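A minimal model of the rule ordering and selective bypass requested in the post above, added here as an illustration; it is not SafeLine's or Cloudflare's code, and the rule names, the `skip` action, the managed checks and the sample requests are all hypothetical or constructed. It shows why a terminal Allow on the Git User-Agent also bypasses the malicious-IP check, while a rule that skips only the misfiring check does not.

```python
import re
from dataclasses import dataclass, field

# Hypothetical managed checks standing in for a WAF's built-in rules.
MANAGED = {
    "malicious_ip": lambda r: r["ip"] in {"203.0.113.9"},  # constructed blocklist
    "sqli": lambda r: bool(re.search(r"(?i)union\s+select", r["body"])),
    "large_body": lambda r: len(r["body"]) > 64,  # heuristic that misfires on Git
}

@dataclass
class Rule:
    name: str
    match: callable
    action: str  # "allow", "deny" or "skip" (hypothetical action names)
    skip: set = field(default_factory=set)  # managed checks bypassed by "skip"

def evaluate(chain, req):
    """First matching custom rule decides; 'skip' or no match falls through
    to the managed checks, minus any the matching rule asked to bypass."""
    skipped = set()
    for rule in chain:
        if rule.match(req):
            if rule.action in ("allow", "deny"):
                return rule.action, rule.name  # terminal: nothing else runs
            skipped = rule.skip
            break
    for name, check in MANAGED.items():
        if name not in skipped and check(req):
            return "deny", name
    return "allow", "default"

def is_git(req):
    # The User-Agent is client-controlled, so this match proves nothing by itself.
    return re.match(r"git/\d", req["ua"]) is not None

# Terminal allow: any request presenting a Git UA bypasses every managed check.
TERMINAL = [Rule("allow-git-ua", is_git, "allow")]
# Scoped skip: Git traffic bypasses only the check that wrongly blocks it.
SCOPED = [Rule("git-skip-large-body", is_git, "skip", {"large_body"})]

# Constructed sample requests: same Git UA, one from a blocklisted address.
GIT_PUSH = {"ip": "198.51.100.7", "ua": "git/2.43.0", "body": "x" * 200}
BLOCKLISTED = {"ip": "203.0.113.9", "ua": "git/2.43.0", "body": "x" * 200}

if __name__ == "__main__":
    for label, chain in (("terminal", TERMINAL), ("scoped", SCOPED)):
        for req in (GIT_PUSH, BLOCKLISTED):
            print(label, req["ip"], evaluate(chain, req))
```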
Carrie
Updated a month ago
0
Answer: We are going to add this in the next version.
Carrie
Updated a month ago
0
selenium
Updated a month ago
Yeah, I see the disable button. But wouldn't it be better to allow deletion?
Carrie
Updated a month ago
0
1 & 2 will be discussed further within the team, and we will reach back if there is any update.