Ignore
column of the Tag Processing settings, the request is not subjected to Content Filtering. This allows certain requests to be whitelisted (for example, if they are from a trusted source), avoiding the overhead of unnecessary processing.blocked
. blocked
. blocked
.sqli
Tags, the parameter is checked for sqli
injection characteristics. If these are detected, appropriate Tags are added.xss
Tags, the parameter is checked for xss
characteristics. If these are detected, appropriate Tags are added.Active
or Report
list, this Rule is not evaluated.Active
and Report
tag lists for this Content Filter Profile.cf-rule-id-XXX
) Active
list, the request is blocked
.Report
list, the request is passed
. However, the Log Message(s) associated with the Tag(s) will be added to the traffic log.Active
list, the request is blocked
.Report
list, the request is passed
. However, the Log Message(s) associated with the Tag(s) will be added to the traffic log.Ignore
always "wins". It is dangerous to put anything other than specific Tags into it.Ignore
, the request is passed
.Active
, the request is blocked
.Report
, the request is passed with log entries
.Active
, the request is blocked
.Report
, the request is passed with log entries
.passed
.Ignore
mode. That Tag cannot result in the request being blocked, regardless of the severity of the injection signature or Content Filter Rule that produced the Tag.
Along with ensuring that all potential Tags are properly configured, it is also recommended that each Content Filter Rule has an appropriate Risk Level defined, and that each Content Filter Profile has the highest risk-level Tags (e.g., cf-rule-risk:5
, cf-rule-id:libinjection-sqli
, andcf-rule-id:libinjection-xss
) included in the Active mode. This ensures that the highest-risk requests will still be blocked.