In order to create a custom rule on MerlinWAF, you need to follow the steps below.
1. Enter the Rule Name
Rule name is used to distinguish the defined rules from others. It is useful to add special keywords related to the rule so that effective use of the rule filtering.
2. Select the Action
After requests are eliminated by the conditions given in the rule, an action is applied to them. Two available actions are implemented in the Merlin WAF, BLOCK and ALLOW.
If you select ALLOW, all other requests that cannot pass the conditions will be blocked, and vice versa.
3. Select the Field
You can select one field to restrict from the Field dropdown menu. Merlin WAF provides a rich set of fields to implement conditions on.
4. Select the Operator
The operator determines the operation that will be executed to perform this rule. The given value and request are compared according to the operation selected here.
These options are explained in detail in the Firewall Rules Language section.
5. Enter the Value
This value is the comparison criteria of the WAF rule.
6. Add More Conditions
You can logically combine the conditions to create a rule. You can click the AND & OR buttons on the panel to add a new condition. You can define as many conditions as you want.