Looking for clarification on the documentation on Firewall Rules and action precedence.
We would like to write a Firewall Rule that both “Allows” requests through the firewall and “Bypasses” the “Rate Limiting” feature. (It’s easier to configure once here than per Rate Limiting rule.)
It seems like it could be possible by creating two rules and ordering the Bypass rule to fire before the Allow rule.
However, the documentation in the Firewall Rules > Actions article seems somewhat ambiguous, as it says both:
- “If the same request matches two different rules which have the same priority, precedence determines the action to take. […] The only exception to this behavior involves the Log action. Unlike the other actions, Log does not terminate further evaluation within Firewall Rules.”
- "Requests which match the Bypass action are still subject to evaluation (and thus a challenge or block) within Firewall Rules, based on the order of execution. "
Does the latter point mean that requests that match the Bypass rule could also be Allowed, “based on the order of execution”, or are “challenge or block” the only remaining possibilities? Either way, the second point makes it seem like Bypass makes Log actually not unique in not terminating further evaluation, which seems to conflict with the first point. We will test using one of our non-production sites, but I thought it would be helpful to post/ask here nonetheless.
Thanks in advance!