ALOS Documentation

Firewall Examples

This rule blocks IPs that exceed certain thresholds for GET and POST requests or use disallowed HTTP methods:

(ip.get > 120 OR ip.post > 20) or (http.method != GET AND http.method != POST)

Explanation:

This rule combines two checks:

  1. Rate Limiting: If an IP address sends more than 120 GET requests or 20 POST requests in 30 seconds, it gets blocked.
  2. Method Restriction: Only GET and POST methods are allowed. Any other HTTP method, such as PUT or DELETE, is blocked.
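
To check what this rule matches before deploying it, the following Python sketch parses the rule text and evaluates it against constructed per-IP request contexts. It is an added example, not ALOS code. It assumes AND/OR are case-insensitive, that AND binds tighter than OR, and it supports only the > and != comparisons used in the rule above. The names RULE, SAMPLES and evaluate are hypothetical.

```python
import re

# Rule text from the page. Assumptions of this sketch: keywords are
# case-insensitive, AND binds tighter than OR, literals are bare words.
RULE = "(ip.get > 120 OR ip.post > 20) or (http.method != GET AND http.method != POST)"
TOKEN = re.compile(r"\(|\)|!=|>|[A-Za-z0-9_.]+")

# Constructed request contexts: per-IP counters for the window, plus the method.
SAMPLES = {
    "exactly at limit":  {"ip.get": 120, "ip.post": 20, "http.method": "POST"},
    "GET flood":         {"ip.get": 121, "ip.post": 0,  "http.method": "GET"},
    "uptime HEAD probe": {"ip.get": 3,   "ip.post": 0,  "http.method": "HEAD"},
}

def evaluate(rule, ctx):
    """Return True when ctx matches the rule, i.e. the request would be blocked."""
    toks, pos = TOKEN.findall(rule) + [None], 0      # None marks end of input
    if "".join(toks[:-1]) != re.sub(r"\s+", "", rule):
        raise ValueError("unrecognised text in rule")
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def keyword(word):                               # consume AND / OR if next
        return take() if (toks[pos] or "").upper() == word else None
    def atom():
        if toks[pos] == "(":
            take()
            value = either()
            if take() != ")":
                raise ValueError("missing closing bracket")
            return value
        field, op, literal = take(), take(), take()
        if op == ">":                                # counters: strictly more than
            return ctx[field] > int(literal)
        if op == "!=":                               # strings: exact mismatch
            return str(ctx[field]) != literal
        raise ValueError(f"unsupported comparison: {field} {op} {literal}")
    def chain(word, operand, combine):               # left-to-right AND / OR run
        value = operand()
        while keyword(word):
            value = combine(operand(), value)        # right side always parsed
        return value
    both = lambda: chain("AND", atom, lambda a, b: a and b)
    either = lambda: chain("OR", both, lambda a, b: a or b)
    result = either()
    if toks[pos] is not None:
        raise ValueError(f"trailing token: {toks[pos]!r}")
    return result
```

Running evaluate(RULE, ctx) over SAMPLES shows the HEAD probe matching the method restriction even though its request counts are low, so monitoring clients that use HEAD need to be accounted for before enabling the rule.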

TIPS:

How to have multiple rules:

You can have multiple rules by using the OR operator and surrounding the rules with brackets ().

For example, if you want to block the country Afghanistan while also allowing only 10 GET requests per IP, this is how you would do it:

This is counted as two rules. Each section of the block, challenge, blockpath, and cache rule will support 50+ rules per domain.

All current IPs

USA LA:

ip.src

This allows you to filter by source IP address

ip.asn

This allows you to filter by an IP's ASN

ip.country

This allows you to filter by an IP's country

ip.count

This is the total request count of an IP

ip.get

This is the total GET request count of an IP

ip.post

This is the total POST request count of an IP

ip.head

This is the total HEAD request count of an IP

ip.put

This is the total PUT request count of an IP

ip.delete

This is the total DELETE request count of an IP

ip.patch

This is the total PATCH request count of an IP

ip.options

This is the total OPTIONS request count of an IP

ip.connect

This is the total CONNECT request count of an IP

ip.trace

This is the total TRACE request count of an IP

ip.challengepass

True or false, depending on whether the IP has passed the challenge yet

http.version

This is the HTTP version of the request

http.method

This is the HTTP method of the request, for example GET or POST

http.path

This is the HTTP path of the request

http.query

This is the HTTP query of the request

http.user_agent

This is the HTTP user agent of the request

http.rps

This is the domain's requests per second