Skip to content

Update policy.html #726

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Jun 23, 2025
+9 −9
Merged

Update policy.html #726

Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
605bc02
Update policy.html
kudriavitsky Jun 23, 2025
611aef9
Update policy.html
kudriavitsky Jun 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
18 changes: 9 additions & 9 deletions content/includes/nap-waf/policy.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2856,13 +2856,13 @@ <h2 id="policy/ip-address-lists">ip-address-lists</h2>
<td><dl>
<dt>Specifies how the system responds to blocking requests sent from this IP address list.</dt>
<dd><ul>
<li><strong>Policy Default:</strong> Specifies that the Policy Blocking Settings will be used for requests from this IP address list.</li>
<li><strong>Policy Default:</strong> Specifies that thepolicy enforcementMode will be used for requests from this IP address list.</li>
<li><strong>Never Block:</strong> Specifies that the system does not block requests sent from this IP address list, even if your security policy is configured to block all traffic.</li>
<li><strong>Always Block:</strong> Specifies that the system blocks requests sent from this IP address list.</li>
</ul>
</dd>
</dl>
<p>Optional</p></td>
<p>Optional, if absent Policy Default is used.</p></td>
<td><ul>
<li>always</li>
<li>never</li>
Expand All @@ -2878,13 +2878,13 @@ <h2 id="policy/ip-address-lists">ip-address-lists</h2>
<tr class="odd">
<td><a href="#policy/ip-address-lists/ipAddresses">ipAddresses</a></td>
<td>array of objects</td>
<td>Specifies the IP addresses.</td>
<td>Specifies the IP addresses. Use CIDR notation for subnet definition.</td>
<td></td>
</tr>
<tr class="even">
<td><code>matchOrder</code></td>
<td>integer</td>
<td>Specifies the order index for IP Address List matching. If unspecified, the order is implicitly as the lists appear in the policy. IP Address Groups with a lower matchOrder will be checked for a match prior to items with higher matchOrder.</td>
<td>Specifies the order matching index between different IP Address Lists. If unspecified, the order is implicitly as the lists appear in the policy. IP Address Lists with a lower matchOrder will be checked for a match prior to items with higher matchOrder.</td>
<td></td>
</tr>
<tr class="odd">
Expand All @@ -2896,13 +2896,13 @@ <h2 id="policy/ip-address-lists">ip-address-lists</h2>
<tr class="even">
<td><code>neverLogRequests</code></td>
<td>boolean</td>
<td>Specifies when enabled that the system does not log requests or responses sent from this IP address list, even if the traffic is illegal, and even if your security policy is configured to log all traffic.</td>
<td>Specifies when enabled that the system does not log requests or responses sent from this IP address list, even if the traffic is illegal, and even if your security policy is configured to log all traffic. Optional, if absent default value is false.</td>
<td></td>
</tr>
<tr class="odd">
<td><code>setGeolocation</code></td>
<td>string</td>
<td>Specifies a geolocation to be associated for this IP address list. Optional</td>
<td>Specifies a geolocation to be associated for this IP address list. This will force the IP addresses in the list to be considered as though they are in that geolocation. This applies to blocking via "disallowed-geolocations" and to logging. Optional</td>
<td></td>
</tr>
</tbody>
Expand All @@ -2927,7 +2927,7 @@ <h3 id="policy/ip-address-lists/ipAddresses">ipAddresses</h3>
<tr class="odd">
<td><code>ipAddress</code></td>
<td>string</td>
<td></td>
<td>Specifies the IP address. Use CIDR notation for subnet definition.</td>
<td></td>
</tr>
</tbody>
Expand Down Expand Up @@ -3694,7 +3694,7 @@ <h2 id="policy/override-rules">override-rules</h2>
<p>Request Attributes:</p>
<blockquote>
<ul>
<li><strong>clientIp</strong>: Client IP address in canonical IPv4 or IPv6 format. Use CIDR notation for subnet definition. Example: <em>192.168.1.2</em> or <em>fd00:1::/48</em>. If <em>trustXff</em> (X-Forwarded-For) is enabled in the containing policy, then the value is taken from the configured header (XFF or other). The only supported boolean function for the clientIP attribute is <em>matches</em>.</li>
<li><strong>clientIp</strong>: Client IP address in canonical IPv4 or IPv6 format or ip-address-list. Use CIDR notation for subnet definition. Example: <em>192.168.1.2</em> or <em>fd00:1::/48</em>. If <em>trustXff</em> (X-Forwarded-For) is enabled in the containing policy, then the value is taken from the configured header (XFF or other). The only supported boolean function for the clientIP attribute is <em>matches</em>.</li>
<li><strong>host</strong>: The value of the Host header</li>
<li><strong>method</strong>: The HTTP method in the request</li>
<li><strong>uri</strong>: The URI (path part) of the request</li>
Expand All @@ -3705,7 +3705,7 @@ <h2 id="policy/override-rules">override-rules</h2>
<li><strong>headers['&lt;name&gt;']</strong>: (map-type) The value of the specified header name. Example: "headers['Accept'].startsWith('application')"</li>
</ul>
</blockquote>
<p><strong>Note</strong>: The "headers['&lt;name&gt;']" attribute does not support 'Cookie' as a header name.</p></td>
<p><strong>Note</strong>: The "headers['&lt;name&gt;']" attribute does not support 'Cookie' as a header name. Attribute "clientIp" supports using "ipAddressLists" in condition: "clientIp.matches(ipAddressLists['<name>'])</p></td>
<td></td>
</tr>
<tr class="odd">
Expand Down