Integrating lists in rules

Expression Builder

The Expression Editor allows users to create custom firewall rules by defining conditions based on attributes like IP addresses, HTTP headers, and URL paths. It helps filter traffic with greater precision using logical operators (AND, OR, NOT) for more granular security control.

To use a list in the Expression Builder, follow these steps:

1. Select is in list or is not in list from the Operator menu.
2. Select a list from the Value menu. Depending on your plan, you might be able to select a managed IP list.
3. To commit your changes and enable the rule, select Deploy. If you are not ready to enable the rule, select Save as Draft.

Expression Editor

The Expression Editor allows you to write and modify logical expressions used in security rules. It enables the combination of various conditions, such as IP address, request headers, and URL paths, to create tailored rules for traffic filtering and security enforcement.

To refer to a list in a rule expression, use $<list_name> and specify the in operator. Only one value in the list has to match the left-hand side of the expression (before the in operator) for the simple expression to evaluate to true. If there is no match, the expression evaluates to false.

Examples:

• Expression matching requests from IP addresses that are in an IP list named office_network:

  ip.src in $office_network
  

• Expression matching requests with a source IP address different from IP addresses in the office_network IP list:

  not ip.src in $office_network
  

• Expression matching requests from IP addresses in the CIS Open Proxies managed IP list.

  ip.src in $cf.open_proxies