medianova.comSupportLog in

Manage Rules & Actions

The Web Application Firewall (WAF) allows you to define Custom Rules that specify how incoming traffic is evaluated. Each rule can match certain request attributes and apply an action — such as Block, Allow, or Log Only — when conditions are met.

Managed Rules are automatically maintained by Medianova’s Security Team. Custom Rules are created manually to adapt the WAF to your specific application needs.

1

Access the Rule Management

To manage rules, log in to the Medianova Control Panel:

  1. Go to Security → WAF.

  2. Select your Dynamic CDN Resource.

  3. Open the Rules & Actions tab.

You’ll see a list of existing Custom Rules and the option to create new ones.

Managed Rules are always active by default. You can combine both Managed and Custom Rules for layered protection.

2

Create a New Custom Rule

Follow these steps to add a new rule:

  1. Click Add Rule.

  2. Enter a Rule Name for easy identification.

  3. Select a Field (parameter) from the dropdown — such as:

    • Request Method (GET, POST, etc.)

    • Client IP

    • Request URI

    • User Agent

    • Referrer

  4. Choose an Operator, such as equals, contains, or matches.

  5. Enter the Value to match.

  6. (Optional) Add additional conditions using the And operator.

  7. Select an Action to perform when the rule conditions are met:

    • Block – Reject the request and log the event.

    • Allow – Permit the request to proceed to origin.

    • Log Only – Record the request for review without blocking.

  8. Click Save to apply the rule.

You can chain up to three conditions in a single rule. Complex logic combinations are not supported.

Use “Log Only” for testing before switching to “Block” to minimize false positives.

3

Edit or Delete Existing Rules

You can modify or remove existing rules at any time:

  • Edit: Click the Edit icon next to a rule, adjust the fields or actions, and click Save.

  • Delete: Click the Delete icon to permanently remove the rule.

  • Reorder (if supported): Drag and drop to change rule evaluation priority.

Review logs frequently to ensure that new or modified rules behave as expected.

Understand Rule Actions

Each action defines how WAF handles a matched request:

Action
Behavior

Block

Immediately rejects the request with an error response.

Allow

Lets the request pass to the origin server.

Log Only

Records the event for analysis without blocking traffic.

Note: “Log Only” is ideal for testing or monitoring potential issues before applying stricter blocking rules.

PreviousHow to Activate WAFNextHandle False Positives

Last updated

Was this helpful?