Content Filter Rules

This section allows for the administration of Content Filter Rules within Curiefense.

The input controls at the top of this page are described here: Policies & Rules Entry Administration. Specific editing of a Content Filter Rule is described below.

Overview

Curiefense maintains a list of Content Filter Rules, and compares them to incoming requests. A request that matches a Rule will have various Tags applied, as described below.

Curiefense comes with many Content Filter Rules. You can modify existing Rules and create custom ones as well. An existing Rule can be selected for editing via the pulldown list on the upper right.

Purpose

A Content Filter Rule is very similar to a traditional WAF signature, although it's more flexible.

Each Rule consists of two primary components:

  • Match criteria, against which incoming requests are compared

  • Tags to attach to requests which match the criteria.

The Tags attached to a request are used to make subsequent decisions about how the request is processed. The criteria for these decisions are configured in the Content Filter Profiles.

As shown in the screenshot above, Curiefense will define many Tags automatically, based on user inputs. Custom Tags can also be defined.

A Content Filter Rule is only used for assigning Tags to requests that match the defined criteria. For Curiefense to act upon the Tags -- for example, to block a request that was tagged with cf-rule-risk:5, which represents the highest level of risk -- the action must be configured in an active Content Filter Profile.

Parameters

Out of the box, Curiefense includes a wide variety of well-tested Content Filter Rules. Usually, there will be no need to edit their Match criteria (which can be quite complicated).

If edits are made, and later it becomes desirable to restore an edited Rule to its original form, an admin can revert it using the Versioning capabilities at the bottom of the page.

Last updated