The use of tags across Curiefense
When an incoming request is received, Curiefense generates internal tags and assigns them to it.
Some tags are assigned early, and are used to make decisions about how the request is handled. For example, if a request's IP is found on the Spamhaus DROP list, it might be assigned a tag of "spamhaus". Then an ACL Policy might block the request because it contains that tag.
Some tags are defined by the user, while others are generated automatically by Curiefense.
A Global Filters List can be based on an external list (e.g., the Spamhaus DROP list), or a user-defined custom list (e.g., a list of IP addresses used by the internal QA team).
Many tags are generated automatically by Curiefense. Examples:
- Every request receives a tag of "all".
- Every request receives several tags according to its source (the IP address, geolocation, etc.).
- Requests which violate a security policy or have other problems receive tags with descriptive names (e.g., the name of the policy that was violated).
When tag names are generated from underlying values (IP addresses, security rule names, etc.), hyphens will replace spaces and special characters.
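The flow described above (list match, tag assignment, name normalization, ACL decision on tags), as an added Python model that is not Curiefense's own code. The list contents, the documentation-range addresses, the policy order, the format of the IP-derived tag and the exact set of characters kept in tag names are all assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample lists (documentation address ranges, not real list contents).
GLOBAL_FILTERS = [
    {"tag": "spamhaus", "cidrs": ["192.0.2.0/24"]},          # stands in for an external list
    {"tag": "internal qa", "cidrs": ["198.51.100.16/28"]},   # user-defined custom list
]
# Hypothetical, simplified ACL policy: the first entry whose tag is present decides.
ACL_POLICY = [("internal-qa", "allow"), ("spamhaus", "deny"), ("all", "allow")]


def tag_name(value):
    """Replace spaces and special characters with hyphens.

    Assumption: only ASCII letters and digits are kept unchanged.
    """
    return re.sub(r"[^A-Za-z0-9]", "-", value)


def tags_for(ip):
    """Return the set of tags a request from `ip` carries in this model."""
    addr = ipaddress.ip_address(ip)
    # Automatic tags: "all", plus one derived from the source IP (format assumed).
    tags = {"all", tag_name(ip)}
    for entry in GLOBAL_FILTERS:
        if any(addr in ipaddress.ip_network(cidr) for cidr in entry["cidrs"]):
            tags.add(tag_name(entry["tag"]))
    return tags


def acl_decision(tags):
    """Return (action, deciding_tag) for the first policy entry found in tags."""
    for tag, action in ACL_POLICY:
        if tag in tags:
            return action, tag
    return "deny", None  # fail closed when no entry matches


if __name__ == "__main__":
    for ip in ("192.0.2.10", "198.51.100.20", "203.0.113.5"):
        tags = tags_for(ip)
        print(ip, sorted(tags), acl_decision(tags))
```

Because the decision is made on tags rather than on raw addresses, updating a list changes which requests are blocked without touching the policy itself.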
If a request matches a libinjection check during Content Filtering, the following tags will be added:
Sometimes a request will get two separate tags that seem to be redundant. For example:
When a Security Policy is matched with a request, a tag is generated for the Security Policy itself, and for the Path Map that was used. If the names are similar (which is often true for default values, as in the example), then the tags can appear to be redundant.