
Cloud Application Security

Create Rate Rules

In addition to built-in rate parameters, you can create custom rates to use in security and delivery rules. A rate filter triggers the rule when the rate passes a specified threshold.

For example, you can create a security rule for the following scenario:

If a client accesses /login.html from China more than 20 times per minute, block it.

This new functionality boosts your ability to mitigate brute force or scraping attacks, which use a high rate of activity to gain unauthorized access to resources. It also helps detect uncommon or irregular user behavior. Custom rate rules are an extension of our existing mitigation capabilities in which you can create custom security or delivery rules to meet a specific need.

Note: Due to the asynchronous nature of the system, a rate rule may be triggered only after the rate count has passed the threshold by several requests. Rate rules are therefore recommended for use cases that can tolerate such overshoot. For example, you might want to use a rate rule to make sure that a specific API is not called more than 500 times in a minute.

How does it work?

Step 1: Create a rate rule.

A new Count (Rate) action is available in rules. A rate rule counts the number of requests received that match your specified criteria within a specified amount of time. For example, it can count how many requests for your site's login page are received per minute.

  • Rates can be counted per IP or per session.
  • Rate rules are run after redirect rules.
  • You can create up to 32 counters (rate rules) per site.
  • The rate is counted per proxy, not globally.

Step 2: Use the rate as a filter in a security or delivery rule.

Once the rate rule is created, you can create a new security or delivery rule, using the rate in the rule filter. For example, if the login rate you defined above is greater than 12, send an alert.

Note: A custom rate rule that is used by another rule cannot be disabled or deleted.

How to create custom rate rules

To create a rate rule:

  1. In the Cloud Security Console, navigate to Websites > Rules.
  2. Click Add Rule to create a new rule.
  3. Create the rule filter according to your needs.

    For more details, see Create Rules and Rule Filter Parameters.

  4. Under Rule Action, select Count (Rate).

    Context: IP or Session.

    Interval: Enter a value between 10 and 300. It must be a multiple of 10.

  5. Give the rule a name and save it.

    A rate rule name may not contain special characters, including the underscore ("_") character or periods ("."). Only alphanumeric characters, hyphens ("-"), and spaces are allowed.

The rule is now listed under Rates on the Rules page.

To create a rule using the custom rate:

  1. On the Rules page, click Add Rule to create a new rule.
  2. In the rule filter, in the If field, select Custom Rate.
  3. In the Rate field, select a custom rate you previously created.

    In this example, you select a rate you created called Login Rate that measures requests for your site's login page.

    Tip: You can include multiple filters and rates in a single rule.

  4. Fill in the remainder of the fields, selecting the Security or Delivery rule action you want, such as Alert.
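
The following Python sketch is an added example, not part of the product or its documentation. It replays constructed request records against the Context, Interval and threshold settings described above to estimate which clients a rate rule would trigger on before you deploy it. It assumes fixed windows aligned to the interval (this page does not describe the actual windowing); the function names, field names and sample records are hypothetical.

```python
from collections import defaultdict

def validate_interval(seconds):
    # Interval constraint from the procedure above: 10 to 300, multiple of 10.
    if not (10 <= seconds <= 300) or seconds % 10:
        raise ValueError("interval must be between 10 and 300 and a multiple of 10")
    return seconds

def peak_rates(requests, interval, context="ip", per_proxy=True):
    """Highest count each IP or session reaches within any single interval.

    requests: dicts with ts (epoch seconds), proxy, ip, session (hypothetical
    field names). Assumption: fixed windows aligned to the interval.
    """
    validate_interval(interval)
    if context not in ("ip", "session"):
        raise ValueError("context must be 'ip' or 'session'")
    counts = defaultdict(int)
    for r in requests:
        # The rate is counted per proxy, so each proxy keeps its own counter.
        scope = r["proxy"] if per_proxy else "all-proxies"
        counts[(scope, r[context], r["ts"] // interval)] += 1
    peaks = defaultdict(int)
    for (_scope, key, _window), n in counts.items():
        peaks[key] = max(peaks[key], n)
    return dict(peaks)

def would_trigger(requests, interval, threshold, context="ip", per_proxy=True):
    # A rule filter "rate greater than threshold" matches these context values.
    peaks = peak_rates(requests, interval, context, per_proxy)
    return sorted(k for k, n in peaks.items() if n > threshold)

def make_sample():
    # Constructed records for requests that already matched the rate rule's
    # filter (for example, /login.html). All fall in one 60-second window.
    rows = []
    for i in range(25):  # 25 requests through a single proxy
        rows.append({"ts": 1200 + i, "proxy": "proxy-a", "ip": "203.0.113.7", "session": "s1"})
    for i in range(30):  # 30 requests split evenly across two proxies
        proxy = "proxy-a" if i % 2 == 0 else "proxy-b"
        rows.append({"ts": 1200 + 2 * i, "proxy": proxy, "ip": "198.51.100.9", "session": "s2"})
    for i in range(5):   # 5 requests, well under the threshold
        rows.append({"ts": 1200 + 10 * i, "proxy": "proxy-b", "ip": "192.0.2.5", "session": "s3"})
    return rows

if __name__ == "__main__":
    sample = make_sample()
    print("counted per proxy:", would_trigger(sample, 60, 20))
    print("log-wide totals:  ", would_trigger(sample, 60, 20, per_proxy=False))
```

With a threshold of 20 per 60 seconds, only the first client exceeds the rate when counting per proxy. The second client reaches 30 in the log-wide total but 15 on each proxy, so derive thresholds from per-proxy counts rather than site-wide totals.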

Using a rate rule in the API

A rate rule name may not contain special characters, including the underscore ("_") character or periods ("."). Only alphanumeric characters, hyphens ("-"), and spaces are allowed.

When using a rate rule in the API, make sure to follow the accepted syntax for rule filters, as follows.

If the name of your custom rate rule includes spaces, replace the spaces with hyphens ("-") to use the rate rule as a filter in another rule.

For example, on the Rules page, if a custom rate rule named Login Rate rule is used in another rule, it would look like this:

In the API, use login-rate instead of Login Rate.
