Curiefense maintains a list of Content Filter Rules, and compares them to incoming requests. A request that matches a Rule will have various Tags applied, as described below.
Curiefense comes with many Content Filter Rules. You can modify existing Rules and create custom ones as well. An existing Rule can be selected for editing via the pulldown list on the upper right.
A Content Filter Rule is very similar to a traditional WAF signature, although it's more flexible.
Each Rule consists of two primary components:
Match criteria, against which incoming requests are compared
Tags to attach to requests which match the criteria.
The Tags attached to a request are used to make subsequent decisions about how the request is processed. The criteria for these decisions are configured in the Content Filter Profiles.
As shown in the screenshot above, Curiefense will define many Tags automatically, based on user inputs. Custom Tags can also be defined.
A Content Filter Rule is only used for assigning Tags to requests that match the defined criteria. For Curiefense to act upon the Tags -- for example, to block a request that was tagged with cf-rule-risk:5, which represents the highest level of risk -- the action must be configured in an active Content Filter Profile.
A name for the Rule, used within the Curiefense interface.
A general category for this Rule.
Custom Tags that will be attached to requests that conform to the Match conditions.
A text description of this Rule
A subcategory for this Rule, within the general Category.
An admin-assigned level of risk for requests that conform to the Match criteria.
When a request conforms to the Match criteria, this text is included in its traffic log entry.
The criteria against which incoming requests will be compared. For Content Filter rules only, regexps are of the hyperscan flavor (syntax).
Out of the box, Curiefense includes a wide variety of well-tested Content Filter Rules. Usually, there will be no need to edit their Match criteria (which can be quite complicated).
If edits are made, and later it becomes desirable to restore an edited Rule to its original form, an admin can revert it using the Versioning capabilities at the bottom of the page.