In order to create a custom rule on MerlinWAF, you need to follow the steps below.
1. Enter the Rule Name
Rule name is used to distinguish the defined rules. It is useful to add special keywords related to the rule so that effective use of the rule filtering.
2. Select the action
After requests are filtered by the conditions given in the rule, an action is applied to them. Two available actions are implemented in the Merlin WAF, BLOCK and ALLOW.
If you select ALLOW, the requests that match with the conditions of the rule will be allowed. If the request does not match with the rule, the system continues to try the next rules.
3. Select the Field
You can select one field to restrict from the Field dropdown menu. Merlin WAF provides a rich set of fields to implement conditions on.
4. Select the Operator
The operator determines the operation that will be executed to perform this rule. The given value and request are compared according to the operation selected here.
These options are explained in detail in the Firewall Rules Language section.
5. Enter the Value
This value is the comparison criteria of the WAF rule.
6. Add More Conditions
You can logically combine the conditions to create a rule. You can click the AND & OR buttons on the panel to add a new condition. You can define as many conditions as you want.