Access Control Management

Provides an overview of access controls associated with Web application firewall (WAF) policies, including their creation, updating, and deletion.

WAF access control consists of creating and managing access rules for the following controls:

  • Request controls: Rules controlling the inspection of HTTP request properties and the return a defined HTTP response. See Request Control Management for more information.
  • Response controls: Rules controlling the inspection of HTTP response properties and the return a defined HTTP response. See Response Control Management for more information.

Access Rules

Describes the conditions for an access rule used with a WAF policy.

As a WAF administrator, you can define explicit actions for requests that meet various conditions. Conditions use various operations. A rule action can be set to allow, check, and return HTTP response for all matched requests. See Actions Management for more information on actions.

If a WAF policy resource has multiple access rules configured, the rules are run in order. You can reorder these rules as needed.

The available conditions for an access rule are listed and described in Understanding Conditions.

Access rules are distinct for request control and response control of a WAF policy. The same access rule cannot be shared between the two types of controls. Management of access rules, such as adding, editing, and deleting an access rule, is described in the Request Control Management and Response Control Management sections.