AlosShield DOCS

Firewall Examples

This rule blocks IPs that exceed certain thresholds for GET and POST requests or use disallowed HTTP methods:

If an IP sends more than 120 GET requests or 20 POST requests within 30 seconds, it gets blocked.
Only GET and POST methods are allowed. Any other HTTP method (such as PUT or DELETE) is blocked.

(ip.get > 120 OR ip.post > 20) or (http.method != GET AND http.method != POST)

This rule combines two checks:

Rate Limiting: If an IP address sends more than 120 GET requests or 20 POST requests in 30 seconds, it gets blocked.
Method Restriction: Only GET and POST methods are allowed. Any other HTTP method, such as PUT or DELETE, is blocked.

Any rate limits are on a 30-second basis, so once the IP is blocked, it remains blocked for 30 seconds.
Even though you might be doing http.path, it still counts towards the HTTP/S traffic.
When country blocking, use the alpha-3 country codes. Click here to see them.
When filtering countries, the alpha code must be in all CAPS.
When filtering by ASN, you must use the ASN number without the "AS" prefix.

You can have multiple rules by using the OR operator and surrounding the rules with brackets ().

For example, if you want to block the country Afghanistan while also allowing only 10 GET requests per IP, this is how you would do it:

(ip.get > 10) or (ip.country == AFG)

This is counted as two rules. Each section of the block, challenge, blockpath, and cache rule will support 50+ rules per domain.