Traffic sequencing

Traffic sequencing refers to the order in which IBM Cloud® Internet Services processes incoming web traffic. Understanding this sequence helps clarify how CIS applies different security and performance features, such as DDoS protection, firewall rules, and edge functions.

When you work with CIS, it can be unclear in which order different operations are applied to your traffic, for example, whether firewall rules run before edge functions or page rules. Traffic typically flows through CIS in the following order:

  1. Distributed Denial of Service (DDoS) protection - Initial defense to block large-scale attacks.

  2. URL rewrites - Adjustments to incoming URLs before further processing.

  3. Page rules - Custom rules that modify how requests are handled.

  4. IP firewall rules - Filtering based on IP addresses.

  5. Bot management - Identifies and manages automated traffic.

  6. WAF and firewall rules, which generally process in this order:

    1. Firewall rules
    2. WAF rules
    3. Rate limiting

    Depending on the actions and priority settings of the rules, steps in the firewall sequence can be bypassed. For example, a firewall rule with an early priority that allows certain traffic is processed first, and the allowed traffic then skips the rest of the rules in the sequence.

  7. Edge functions - Custom scripts that run on the edge to modify requests or responses.

  8. Global load balancer - Distributes traffic across your origin servers.

Knowing this sequence helps you understand how different security and performance features interact and which rules or functions take precedence.
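
The bypass described in step 6 can be checked with a small model of the order above. This is an added example, not IBM's code: the rule schema (`priority`, `action`, `path_prefix`), the WAF marker string, and the assumption that an allow rule skips the WAF and rate-limiting steps are illustrative. It reports requests that the WAF would block but that an earlier allow rule lets through.

```python
# Simplified model of the sequence listed above; not CIS code.
# The rule fields and all sample data below are constructed for illustration.
STAGES = ["ddos", "url_rewrites", "page_rules", "ip_firewall", "bot_management",
          "firewall_rules", "waf_rules", "rate_limiting",
          "edge_functions", "global_load_balancer"]
FIREWALL_SEQUENCE = ("firewall_rules", "waf_rules", "rate_limiting")

RULES = [{"priority": 1, "action": "allow", "path_prefix": "/api/"},
         {"priority": 5, "action": "block", "path_prefix": "/admin"}]
WAF = ("WAF_TEST_PATTERN",)  # stand-in for a WAF signature
PATHS = ["/api/v1?q=WAF_TEST_PATTERN", "/shop?q=WAF_TEST_PATTERN",
         "/admin/login", "/index.html"]


def first_match(rules, path):
    """Return the matching rule with the earliest priority, or None."""
    hits = [r for r in rules if path.startswith(r["path_prefix"])]
    return min(hits, key=lambda r: r["priority"]) if hits else None


def trace(path, firewall_rules, waf_blocks=()):
    """Return (stages_run, outcome) for one request path.

    Assumption: an 'allow' firewall rule skips the rest of the firewall
    sequence (WAF rules, rate limiting); a 'block' ends processing.
    """
    run, skip = [], False
    for stage in STAGES:
        if skip and stage in FIREWALL_SEQUENCE:
            continue
        run.append(stage)
        if stage == "firewall_rules":
            rule = first_match(firewall_rules, path)
            if rule and rule["action"] == "block":
                return run, "blocked:firewall_rules"
            skip = bool(rule and rule["action"] == "allow")
        elif stage == "waf_rules" and any(s in path for s in waf_blocks):
            return run, "blocked:waf_rules"
    return run, "forwarded_to_origin"


def shadowed_paths(paths, firewall_rules, waf_blocks):
    """Paths the WAF would block if no firewall rule allowed them first."""
    return [p for p in paths
            if trace(p, [], waf_blocks)[1] == "blocked:waf_rules"
            and trace(p, firewall_rules, waf_blocks)[1] == "forwarded_to_origin"]
```
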