Creating, editing, and deleting firewall rules
Firewall rules are deprecated. CIS moved existing firewall rules to WAF custom rules. For more information on this change, see Migrating to custom rules.
IBM Cloud® Internet Services firewall rules offer power and flexibility by targeting HTTP traffic and applying custom criteria to block, challenge, log, or allow certain requests.
You can create many types of firewall rules. However, the number of active rules on your site is limited by your customer plan. See Comparing CIS plans for more information on entitlements.
The number of active rules per plan is fixed. Currently, you can't purchase more active rules.
Before getting started, it's a good idea for you to become familiar with Using fields, functions, and expressions.
Creating a firewall rule
Follow these steps to configure a basic firewall rule:
-
Navigate to Security > Firewall rules.
-
Click Create.
-
Enter an optional description.
-
Optionally, input a priority, if necessary. A priority of zero is a null priority and is evaluated last.
-
Use the UI builder in the Incoming requests section to add a condition. To build an expression with multiple conditions, click either:
- And - to evaluate conditions that use and logic
- Or - to evaluate conditions or groups of previously and'ed conditions that use or logic
You can see that as you build a condition, the Expression Preview shows the expression in plain text.
In the Expression preview, you can click to edit your expression manually instead of using the Visual Expression Builder, or switch between the two. However, depending on the complexity of a manually constructed expression, the Visual Expression Builder might be unable to render it.
-
Pick an action from the Response list menu.
-
To save your rule, choose the most appropriate option by clicking either:
- Save as draft to save your rule, but leave it disabled.
- Save and deploy to save your rule and activate it.
Editing a firewall rule
Follow these steps to edit an existing rule:
- Navigate to Security > Firewall rules.
- In the firewall rules table, locate the rule that you want to modify, then click the Actions menu on the right of the row.
- Select Edit.
- Make your changes to the rule.
- To save your rule, choose the most appropriate option by clicking either:
- Save as draft to save your rule, but leave it disabled.
- Save and deploy to save your rule and activate it.
To pause or activate any rule in the list of existing rules, click the Enabled toggle.
Deleting a firewall rule
Follow these steps to delete an existing rule:
- Navigate to Security > Firewall rules.
- In the firewall rules table, locate the rule to modify and click the Actions menu on the right of the row.
- Select Delete.
- Confirm the rule deletion.