Configuring Web Application Firewall
In the portal, environments using the v1 load balancer can also configure a web application firewall. This is done on the firewall page in the load balancer modal.
To get there:
- Environments from the main, left-hand navigation.
- Select the environment from the first column.
- Scroll down to the services tile, and click on the manage tab of the load balancer.
- Select the Firewall page.
The controller must be set to Enable Custom Config for the firewall config to be applied.
After enabling the Firewall Configuration, the user sees an example Rule entry.
Firewall Rule Fields
Each Rule is comprised of 4 fields
| Field | Description |
|---|---|
| description | A text description of the rule, providing context or notes about what the rule is intended to do. |
| skip | A boolean value indicating whether the rule should be skipped (true) or processed (false). |
| type | Specifies the action of the rule. Typical values might include "deny" or "allow". |
| conditions | An array of conditions that must be met for the rule to apply. Each condition contains: |
- type: The type of match to perform (e.g., "ip-match"). | |
- operator: The comparison operator to use (e.g., "=="). | |
| - value: The value to compare against (e.g., an IP address). For IP addresses, both addresses and CIDR's are supported. |
Supported Types
The currently supported types are:
ip-match
Supported Operators
The currently supported operators are:
==!=
Example Firewall Configs
[
{
description: "allow all traffic",
skip: false,
type: "allow",
conditions: [
{
type: "ip-match",
operator: "==",
value: "0.0.0.0/0",
},
{
type: "ip-match",
operator: "==",
value: "::/0",
},
],
},
];[
{
description: "This is a rule",
skip: false,
type: "deny",
conditions: [
{
type: "ip-match",
operator: "==",
value: "50.234.222.10",
},
{
type: "ip-match",
operator: "==",
value: "2600:6b4a:223f:93cf:84a1:4afd:9221:8988",
},
],
},
];