How to create rules to execute behaviors with Rules Engine for Edge Firewall

Implementing rules in your edge firewall using Rules Engine will allow you to determine the rules it should execute in specific scenarios.

This guide demonstrates the process of creating a rule with a practical example of verifying the existence of a certificate and returning a custom response when there isn’t one. This behavior is useful in scenarios such as adjusting your policies to comply with BACEN requirements.

To create a rule:

Access Azion Console > Edge Firewall.
Select the edge firewall in which you want to configure the rule.
Click the Rules Engine tab.
Click the + Rule button.
Give your rule a name and, optionally, a description.
In the Criteria section, select the SSL Verification Status variable.
As a comparison operator, select is esqual.
As an argument, select Missing Client Certificate.
In the Behaviors section, select Set Custom Response.
As arguments:
- On Status Code, add 401.
- On Content Type, add the content and header description. Example: application/json.
- On Content Body, pass the message you want to present to users.
Click the Save button.

To create a rule:

Access Real-Time Manager (RTM) > Edge Firewall.
Select the edge firewall in which you want to configure the rule.
Click the Rules Engine tab.
Click the New Rule button.
Give your rule a name and, optionally, a description.
In the Criteria section, select the SSL Verification Status variable.
As a comparison operator, select is esqual.
As an argument, select Missing Client Certificate.
In the Behaviors section, select Set Custom Response.
As arguments:
- On Status Code, add 401.
- On Content Type, add the content and header description. Example: application/json.
- On Content Body, pass the message you want to present to users.
Click the Save button.

Run the following POST request to create a rule, replacing [TOKEN VALUE] with with your personal token and the <edge_firewall_id> variable with your edge firewall id value:

curl --location 'https://api.azionapi.net/edge_firewall/<edge_firewall_id>/rules_engine' \
--header 'Accept: application/json; version=3' \
--header 'Authorization: Token [TOKEN VALUE]' \
--header 'Content-Type: application/json' \
--data '{
    "name": "SSL Verification",
    "is_active": true,
    "behaviors": [
        {
            "name": "set_custom_response",
            "status_code": 401,
            "content_type": "application/json",
            "content_body": "{}"
        }
    ],
    "criteria": [
        [
            {
                "variable": "ssl_verification_status",
                "operator": "is_equal",
                "conditional": "if",
                "argument": "MISSING_CLIENT_CERTIFICATE"
            }
        ]
    ]
}'

Key	Description
`name`	Name of the rule
`description`	Description of the rule
`behaviors`	Array that stores objects that define behaviors
`criteria`	Array that stores objects that define criteria

See the Azion API documentation to find out more about criteria and behavior objects.

You’ll receive the following response:

{
  "results": {
    "name": "SSL Verification",
    "is_active": true,
    "behaviors": [
      {
        "status_code": 401,
        "content_body": "{}",
        "name": "set_custom_response",
        "content_type": "application/json"
      }
    ],
    "criteria": [
      [
        {
          "variable": "ssl_verification_status",
          "operator": "is_equal",
          "conditional": "if",
          "argument": "MISSING_CLIENT_CERTIFICATE"
        }
      ]
    ],
    "last_modified": "2023-11-23T23:54:14.941097Z",
    "last_editor": "hannah.kahn+rtm@azion.com",
    "id": 28414,
    "order": 2
  },
  "schema_version": 3
}

Wait a few minutes for the changes to propagate.