Set Protect rules

Protect rules monitor applications for attacks. If you have RulesAdmin permissions and Protect is enabled, you can set these rules.

To set rules:

  1. Select Applications in the header, then select an application name > Policy > Protect.

    Image shows applications in the header, the policy tab and protect tab selected, and the drop down menu in the right column with the options off, monitor, block and block at perimeter.

  2. To filter the policies to just see Protect rules, select Protect rules from the filtering menu above the policy results. You can also enter a Protect rule by name in the search field.

  3. For each rule, you can turn Protect on and set the mode it uses in different environments. Select the drop-down menu for each environment to set how you want Protect to either block or monitor attacks. Choose one of these modes:

    • Off: This disables the rule altogether.

    • Monitor: The agent will identify and report attacks.

    • Block: The agent will identify, report and block attacks.

      Warning

      If an attack matches a rule, and that rule is set to "Block" mode, the AttackBlockedException is thrown.

      To keep your application from crashing, make sure it's configured to catch the AttackBlockedException.

    • Block at perimeter: The agent will block a possible attack before the application can process it. This option is not available for all rules.

    • Monitor at perimeter: The agent will attempt to identify and report a possible attack before the application can process it. This option is not available for all rules.

      Note

      If you block or monitor at the perimeter, the agent doesn't verify the attack at the sink. This may lead to more false positive results.

    Tip

    You can test policies by setting a different mode for a Protect rule in each environment. This lets you see how various options work in pre-production and won't disrupt production defenses.

  4. To apply the same settings to multiple rules, select the checkbox for each rule you want to change. You can also use the Rule checkbox to select all rules. Select Change mode. In the window that appears, set the Protect mode for each environment you want to change. Select Save to complete the action.

    Image shows window with options to set modes for Development, Test (QA) and Production.

  5. You can also set Protect rules for each environment across applications. To do this, go to user menu > Policy management > Protect rules.

    Image shows grid with list of Protect rules with filter and search highlighted and the name of a rule highlighted.

    Use the drop-down menu to filter the rules by language or the search field to find a rule by name. Select a rule name to manage settings for all applications that currently use the rule. Use the drop-down menus to set the Protect mode for each environment.

    Image shows Protect rules grid with Block and Monitor mode settings in the Development, Test (QA) and Production columns.
In this section: