Using header modifications in rules

I’d like to allowlist a series of IP addresses and ranges so that those users NEVER match a rule.

Am I correct in understanding that I would:

  1. go to Transform Rules > Modify Request Headers, then create an expression that matches all of the IPs I want to allowlist**, then (for example)
    Set static > whitelist > true.

  2. in each rule in Security > WAF, modify each rule with something like:

```
(all(http.request.headers["whitelist"][*] ne "true")) and
(
  (cf.threat_score ge 50) or
  (starts_with(lower(http.request.uri.path), "/wp-")) or
  (starts_with(lower(http.request.uri.path), "/wordpress"))
)
```

If that’s correct, what’s the difference between “Set static” and “Set dynamic”?

** I also note that the forum changes whitelist to allowlist. Does this mean that I can’t use a header name of whitelist?

You’re asking about some very different things here. You started with expressions for WAF rules and Transform rules, then asked about Static and Dynamic. Those are part of the setting that results from an expression match. They are not related.

“Static” means it’s fixed text. Whatever you put in there is what shows up. “Dynamic” means you’re using variables (fields) to set the content (Step 8):

I think that’s just a quirk of the forum. You can use that header in your rule.
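
The allowlist-header approach discussed in this thread, modelled in Python as an added example that is not part of the original posts or Cloudflare's own code (the IP ranges and requests are constructed, and `transform`, `waf_matches` and `results` are hypothetical names). It shows two checks worth making before relying on the header: the `or` terms need their own parentheses because `and` binds tighter than `or`, and the header is only a reliable signal if it is removed from requests that do not match the allowlist.

```python
import ipaddress

# Constructed sample allowlist (documentation ranges), not taken from the thread.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.7/32")]

def transform(req, remove_from_others=False):
    """Model of the Modify Request Header step (hypothetical helper).

    Allowlisted source IPs get whitelist=true. With remove_from_others=True a
    second rule removes the header from every other request, so a value that
    arrived with the request never reaches the WAF expression."""
    headers = dict(req["headers"])
    if any(ipaddress.ip_address(req["ip"]) in net for net in ALLOWLIST):
        headers["whitelist"] = "true"
    elif remove_from_others:
        headers.pop("whitelist", None)
    return {**req, "headers": headers}

def waf_matches(req, grouped=True):
    """Model of the WAF expression from the question (hypothetical helper)."""
    not_listed = req["headers"].get("whitelist") != "true"
    risky = req["threat_score"] >= 50
    path = req["path"].lower()
    wp = path.startswith("/wp-") or path.startswith("/wordpress")
    if grouped:
        return not_listed and (risky or wp)
    # Without the outer parentheses 'and' binds tighter than 'or'.
    return (not_listed and risky) or wp

# Constructed requests: one from an allowlisted address, one from elsewhere
# that already carries the header when it arrives.
LISTED = {"ip": "192.0.2.10", "path": "/wp-login.php", "threat_score": 0, "headers": {}}
OTHER = {"ip": "203.0.113.5", "path": "/wp-login.php", "threat_score": 0,
         "headers": {"whitelist": "true"}}

def results():
    return {
        "listed_grouped": waf_matches(transform(LISTED)),
        "listed_ungrouped": waf_matches(transform(LISTED), grouped=False),
        "other_header_kept": waf_matches(transform(OTHER)),
        "other_header_removed": waf_matches(transform(OTHER, remove_from_others=True)),
    }

if __name__ == "__main__":
    for name, matched in results().items():
        print(f"{name}: rule {'matches' if matched else 'is skipped'}")
```

Matching on the source address directly in the WAF expression avoids depending on a request header at all.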
