This step allows you to adjust the order of your rules as they are executed by your web ACL. It is important to note that WAF rules are executed in the order that they appear within a web ACL, and as soon as a match is found, no other rules are checked for that request. So, ensure you set these rules in the correct order to filter your requests appropriately. A common method of high-level management is to list them in order of the following:
- WhiteListed IPs – Allow
- BlackListed IPs – Block
- Bad Signatures – Block
WhiteListed IP addresses are IP addresses that are trusted and allowed to communicate with your associated resource. BlackListed IP addresses are addresses that have been defined as malicious or bad and are therefore explicitly blocked. Finally, bad signatures relate to any rules that meet other conditions, such as other attack patterns.
To adjust the order of your rules, follow these two simple steps:
...