Commit ef7c3b7

[API Shield] Sequence rules lookback window matching mechanism (cloudflare#21303)
* sequence rules lookback matching
* remove prereq
1 parent 6087116 commit ef7c3b7

2 files changed

+4
-1
lines changed

src/content/docs/api-shield/security/sequence-mitigation/index.mdx

Lines changed: 4 additions & 0 deletions
@@ -34,6 +34,10 @@ You can create Sequence Mitigation rules for a sequence even if the sequence is
3434

3535
You can create a sequence rule to enforce behavior on your API over time in two different ways. Sequence rules can either protect an endpoint from users performing a known specific sequence of API calls (otherwise known as a negative security model) or from users making API requests outside of your expectations (otherwise known as a positive security model).
3636

37+
Sequence rules built via the Cloudflare dashboard using API Shield rules utilize a lookback window to match endpoints in the sequence. The rule will match as long as both endpoints are found within [10 requests](/api-shield/security/sequence-mitigation/#request-limitations) (to endpoints within Endpoint Management) of each other and made within [10 minutes](/api-shield/security/sequence-mitigation/#time-limitations) of each other.
38+
39+
If you want to add multiple endpoints, ignore the lookback window, and configure time-based constraints, refer to [Sequence Mitigation custom rules](/api-shield/security/sequence-mitigation/custom-rules/).
40+
3741
In the bank funds transfer example, enforcing that a user requests `GET /api/v1/accounts/{account_id}/balance` before `POST /api/v1/transferFunds` is considered a positive security model, since a user may only perform a funds transfer after listing an account balance.
3842

3943
A negative security model may be useful if you see abusive behavior that is outside the norm of your application and you need to stop the requests while researching the correct positive security model to implement.
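
Review bot: The new lookback-window paragraph (new lines 37 to 40) sits between the sentence that introduces the positive and negative security models and the bank funds transfer example that illustrates them, which splits that explanation in two; consider moving it after the negative security model paragraph or giving it its own heading. In the second added sentence, "add multiple endpoints" is set against "both endpoints" in the first, so "more than two endpoints" would be clearer, and "ignore the lookback window" reads as an instruction to the reader rather than a capability of custom rules. It would also help to state what a match inside the 10-request and 10-minute window means for each model, since the text says only "The rule will match".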

src/content/docs/bots/concepts/sequence-rules.mdx

Lines changed: 0 additions & 1 deletion
@@ -13,7 +13,6 @@ Sequence rules is currently in private beta. If you would like to be included in
1313
## Prerequisites
1414

1515
- Your account must have the Fraud Detection subscription.
16-
- Each zone must have an API Shield subscription as it relies on [Endpoint Management](/api-shield/management-and-monitoring/).
1716
- Each zone must configure the endpoints to track via Endpoint Management.
1817

1918
---
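
Review bot: Removing the API Shield subscription bullet (old line 16) also removes the only link to Endpoint Management in this prerequisites list, so the remaining bullet "Each zone must configure the endpoints to track via Endpoint Management." names the feature without pointing to it; carry the `[Endpoint Management](/api-shield/management-and-monitoring/)` link over to that bullet. The commit message says only "remove prereq", so the PR should confirm that Endpoint Management is available to a zone without an API Shield subscription, because the remaining bullet still depends on it.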
