Configure a Policy

Policies are a collection of rules applied to your group and, therefore, your application.

You created a policy to configure when you created the group.

You can customize a policy to best suit your particular environment.

Mitigate vs. Report

Each protection feature can be set to either Mitigate or Report.

Mitigate: Reports events and protects application with the feature's current configuration.

Report: Reports events with the feature's current configuration but takes no other protection action.

Block vs. Captcha Mitigation

Application Security supports two mitigation options:

  • Block: When a security feature applies mitigation and the mitigation type is to block, a Block page is served as a response to the user, blocking access to the application.
  • Captcha: When a security feature applies mitigation and the mitigation type is Captcha, the user is served a CAPTCHA page. If the user successfully resolves the CAPTCHA challenge, the user is allowed access to the application. Otherwise, the user keeps being presented the CAPTCHA challenge page, preventing the user from accessing the application.

Some security features such as SQL Injection support only the Block mitigation type, some other security features such as IP Protection support configuring either Block page or Captcha page mitigation.

Customize the Captcha mitigation

The CAPTCHA resolution duration can be customized on a per group basis. The CAPTCHA resolution duration controls for how long the permit associated to the user lasts when the user resolves the CAPTCHA. Once the duration expires, if the condition still exists for the user to get a CAPTCHA challenge, such as the user IP address being on the IP Filter list, the user will be presented a CAPTCHA challenge again.

The default CAPTCHA resolution duration is 60 minutes. In order to modify the CAPTCHA resolution duration, select the Policies button to the right of your group's name. In the section GENERAL MITIGATION SETTINGS, select the button EDIT GENERAL SETTINGS. Set the CAPTCHA duration configuration to the required value. Then select SAVE GENERAL SETTINGS. Screenshot

Customize the Block page

Application Security provides a built-in, default Block page. The Block page can be customized on a per group basis. The block page's attributes that can be customized include:

  • Header: The default value is "Your request has been blocked"
  • Main page text: The default value is "We've detected unusual activity with your attempt to access the service"
  • Background color: The default value is hex color code #FFFFFF
  • Text color: The default value is hex color code #000000

In order to customize the block page, select the Policies button to the right of your group's name. In the section GENERAL MITIGATION SETTINGS, select the button EDIT GENERAL SETTINGS. Modify the block page values. Then select SAVE GENERAL SETTINGS. Screenshot

Configure a policy

On the dashboard, select the Policies button to the right of your group's name. Screenshot

On the left side of the page, the security feature names and their respective ON/OFF power buttons are listed. Screenshot

Select the power button to display a confirmation dialog box. Upon confirmation, the feature will be disabled and greyed-out in the dashboard as seen below: Screenshot

The Mitigate and Report buttons, as well as the Configure Policy button, are on the right side of the page.

Select Mitigate or Report to launch the confirmation dialog box. Upon confirmation, the feature will change state as expected. Screenshot

Manage a Policy Configuration

To open the policy configuration window of a security feature, select Configure Policy on the right side of the desired security feature.

Each security feature has different configuration possibilities. For more information about how to configure the security features, see