Custom policy
  • 27 Dec 2022
  • 4 Minutes to read

Traceable's Custom policy lets you create policies that give you granular control over your API protection strategy. You can configure policies that protect your APIs based on the source of the traffic, specific patterns in the traffic, whether the traffic carries sensitive data, or the rate at which an API is being accessed. Custom policies are divided into two categories: Malicious Source and Custom Signatures.

  • Malicious Source – You can configure a custom policy to protect your APIs from known malicious sources that Traceable detects, such as suspicious users, IP addresses with a poor reputation, sanctioned countries, Tor exit nodes, and so on.
  • Custom Signatures – You can configure custom signatures for use in detection. Custom signature rules help you fine-tune the protection strategy by giving you granular control over which events are generated and which requests are blocked. These rules apply globally to all APIs. You can create custom rules on different parts of a request and response, for example:
    • URL
    • Header name and value
    • Parameter name and value
    • HTTP method
    • User-agent
    • Host
    • Header
    • Body
    • Parameter

Custom Signatures are especially useful if you are migrating to Traceable from a legacy WAF and have custom rules that you would like to continue using. The rules can be configured for detection and/or blocking.


Configuring custom policy

Navigate to Protection > Settings > Custom Policy and click Add Policy to start configuring a custom policy. You can choose to add a custom policy for Malicious Behavior or a Custom Signature.

Malicious Behavior

Click on Malicious Behavior after clicking on Add Policy to start creating a policy. The configuration consists of three steps:

  1. Select the custom policy's criteria.
  2. Configure the action to be taken.
  3. Review the policy and save.

Set the criteria

As part of step 1, decide whether you want to create a policy based on an IP address or a range of IP addresses, or a policy based on a region. You can also scope a policy to an Environment. For example, you can block the Afghanistan region across all environments, as shown in the screenshot above, and create a separate policy that applies only to the production environment by selecting that environment instead. Click Next when you have finished setting the criteria.

Configure the action

Traceable provides the following three options for the action to take on the event generated by the custom policy.

  • Block request – Choose this option if you want to block all requests from the configured IP address(es) or region.
  • Block all, except this – Choose this option if you want to allow requests only from the configured IP address(es) or region; requests from every other source are blocked.
  • Alert only, no blocking – Choose this option if you only want to be alerted when a request matches the configured criteria. In this case, no requests are blocked.

You can also configure the Severity of the generated event as low, medium, high, or critical. Select the time period for which the rule should apply and click Next.
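To make the semantics of the three actions concrete, here is an added example that is not Traceable's code: a small evaluator that models a Malicious Behavior policy as this page describes it (IP or CIDR criteria, region criteria, an environment scope, one of the three actions, a severity, and an active time window). The names SourcePolicy, evaluate_source and demo, the sample policies, and the RFC 5737 documentation addresses are all constructed for this example.

```python
"""Added example (not Traceable's code) modelling a Malicious Behavior policy.

A policy carries criteria (IP addresses or CIDR ranges, or regions), an
environment scope, one of the three actions, a severity and a time window.
Names such as SourcePolicy and evaluate_source are assumptions for this demo.
"""
import ipaddress
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

BLOCK = "block_request"                # block sources that match the criteria
BLOCK_ALL_EXCEPT = "block_all_except"  # allow only sources that match, block the rest
ALERT_ONLY = "alert_only"              # generate an event, never block


@dataclass
class SourcePolicy:
    name: str
    action: str
    severity: str                                        # low | medium | high | critical
    ip_ranges: List[str] = field(default_factory=list)   # single IPs or CIDR ranges
    regions: List[str] = field(default_factory=list)     # ISO 3166 country codes
    environments: List[str] = field(default_factory=list)  # empty list = all environments
    active_from: Optional[datetime] = None
    active_until: Optional[datetime] = None

    def is_active(self, now: datetime) -> bool:
        """The rule applies only inside its configured time window (if any)."""
        if self.active_from is not None and now < self.active_from:
            return False
        if self.active_until is not None and now > self.active_until:
            return False
        return True

    def applies_to(self, environment: str) -> bool:
        return not self.environments or environment in self.environments

    def criteria_match(self, source_ip: str, region: str) -> bool:
        ip = ipaddress.ip_address(source_ip)
        in_ranges = any(ip in ipaddress.ip_network(r, strict=False) for r in self.ip_ranges)
        return in_ranges or region in self.regions


def evaluate_source(policies, source_ip, region, environment, now):
    """Return (decision, events). decision is 'block' or 'allow'; each event
    records the policy that fired, its severity and whether it blocked."""
    blocked = False
    events = []
    for p in policies:
        if not p.is_active(now) or not p.applies_to(environment):
            continue
        matched = p.criteria_match(source_ip, region)
        if p.action == ALERT_ONLY:
            hit, block = matched, False
        elif p.action == BLOCK:
            hit, block = matched, True
        else:  # BLOCK_ALL_EXCEPT: anything that does NOT match the criteria is blocked
            hit, block = not matched, True
        if not hit:
            continue
        events.append({"policy": p.name, "severity": p.severity, "blocked": block})
        blocked = blocked or block
    return ("block" if blocked else "allow"), events


# Constructed sample policies; the address ranges are RFC 5737 documentation ranges.
NOW = datetime(2022, 12, 27, 12, 0, tzinfo=timezone.utc)
POLICIES = [
    # Mirrors the page's example: block the Afghanistan region in every environment.
    SourcePolicy("block-afghanistan", BLOCK, "high", regions=["AF"]),
    # Production accepts traffic only from the internal address range.
    SourcePolicy("prod-internal-only", BLOCK_ALL_EXCEPT, "critical",
                 ip_ranges=["10.0.0.0/8"], environments=["production"]),
    # Watch a suspect range for one week without blocking it.
    SourcePolicy("watch-suspect-range", ALERT_ONLY, "low", ip_ranges=["203.0.113.0/24"],
                 active_from=NOW, active_until=NOW + timedelta(days=7)),
]


def demo(days_later: int = 0):
    """Evaluate three constructed requests; days_later shifts the clock forward."""
    now = NOW + timedelta(days=days_later)
    cases = [
        ("198.51.100.7", "AF", "staging"),    # region match: blocked
        ("203.0.113.9", "US", "production"),  # not internal: blocked, and watched
        ("10.1.2.3", "US", "production"),     # internal: allowed
    ]
    return [evaluate_source(POLICIES, ip, region, env, now) for ip, region, env in cases]


if __name__ == "__main__":
    for decision, events in demo():
        print(decision, events)
```

Run the file directly to see the three decisions. Note how "Block all, except this" inverts the match: the second request is blocked by the production allowlist even though no block policy names its address, and once the watch policy's window has passed (demo(days_later=30)) it stops producing events without anyone having to delete it.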

Review and Submit

In the final step, review and submit the policy. If, during the review, you wish to edit any criteria, click the edit button shown in the screenshot below.


Custom signatures

Click on Custom signatures after clicking on Add Policy to start creating a custom signature policy. The configuration consists of three steps:

  1. Decide the custom policy's criteria.
  2. Configure the action to be taken.
  3. Review the policy and save.

Set the criteria

You can create a custom signature rule on one or more parts of the request. Traceable provides different preset operations for each part of the request. For example, if you create a rule on the URL, the rule can use any one of the following operations:

  • Matches exactly
  • Does not match exactly
  • Contains string
  • Does not contain a string
  • Matches pattern
  • Does not match a pattern

You can also add more conditions to the same rule, on the same or different parts of the request. For example, you can create a custom rule with one condition on the URL and another on a header name and value. Traceable combines all the conditions in a rule with a logical AND, so a request matches the rule only if it satisfies every condition.

Configure the action

Traceable provides the following options for the action to take on the event generated by the custom signature rule. The options let you verify a custom signature rule first, observe the events it generates, and only then use it to block requests.

  • Block request – Use this option to block requests that match the criteria you have set.
  • Allow request – Use this option to allow requests that match the criteria you have set. For example, in the above screenshot, if the HTTP method does not match the pattern, that is, the request uses a method other than GET, PUT, or POST, then such requests are allowed.
  • Alert only, no blocking – Use this option to only generate an alert.
  • Mark for testing – Use this option when you want to test your custom signature rule before applying it to production data. All the generated events are of low severity, and Traceable does not generate any notifications for such events (even if they violate a configured rule).
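The criteria and action steps above describe a rule engine; the following added example (not Traceable's code) implements that model so you can see the AND semantics and the four actions on concrete requests. Each condition targets one part of the request with one of the six preset operations, a rule requires every condition to hold, and the action is block, allow, alert or test. The class and function names (Request, Condition, Rule, evaluate_rules, demo), the ordering rule that the first matching block or allow decides the request, the severities assigned to each action, and the sample rules and requests are all assumptions made for this example.

```python
"""Added example (not Traceable's code) modelling Custom Signature rules.

A condition applies one preset operation to one part of the request; a rule
ANDs its conditions; the action is block, allow, alert or test. Names, the
first-match ordering and the per-action severities are assumptions.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# The six preset operations from the page, as predicates on a string value.
OPERATIONS = {
    "matches_exactly":         lambda v, arg: v == arg,
    "does_not_match_exactly":  lambda v, arg: v != arg,
    "contains_string":         lambda v, arg: arg in v,
    "does_not_contain_string": lambda v, arg: arg not in v,
    "matches_pattern":         lambda v, arg: re.search(arg, v) is not None,
    "does_not_match_pattern":  lambda v, arg: re.search(arg, v) is None,
}
# Assumed severities: the page states only that test-mode events are low.
SEVERITY = {"block": "high", "alert": "medium", "test": "low"}


@dataclass
class Request:
    method: str
    url: str
    host: str
    headers: Dict[str, str] = field(default_factory=dict)
    params: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass
class Condition:
    part: str                   # url | method | host | user_agent | body | header | parameter
    operation: str              # a key of OPERATIONS
    value: str                  # literal, or a regex for the *_pattern operations
    name: Optional[str] = None  # header or parameter name for the named parts


@dataclass
class Rule:
    name: str
    action: str                 # block | allow | alert | test
    conditions: List[Condition]


def extract(req: Request, cond: Condition) -> Optional[str]:
    """Return the request field a condition applies to, or None if it is absent."""
    simple = {"url": req.url, "method": req.method, "host": req.host, "body": req.body}
    if cond.part in simple:
        return simple[cond.part]
    if cond.part in ("header", "user_agent"):
        wanted = "user-agent" if cond.part == "user_agent" else (cond.name or "").lower()
        return next((v for k, v in req.headers.items() if k.lower() == wanted), None)
    if cond.part == "parameter":
        return req.params.get(cond.name or "")
    raise ValueError(f"unknown request part: {cond.part}")


def condition_matches(req: Request, cond: Condition) -> bool:
    value = extract(req, cond)
    # Assumption: an absent header or parameter never satisfies a condition,
    # not even a negated one, so a rule cannot fire on data that is not there.
    if value is None:
        return False
    return OPERATIONS[cond.operation](value, cond.value)


def rule_matches(req: Request, rule: Rule) -> bool:
    # The page states that all conditions in a rule are ANDed together.
    return all(condition_matches(req, c) for c in rule.conditions)


def evaluate_rules(req: Request, rules: List[Rule]):
    """Return (decision, deciding_rule, events) for one request.

    Assumption: rules run in order; the first matching block or allow rule
    decides the request, while alert and test rules only add events.
    """
    decision, deciding = None, None
    events = []
    for rule in rules:
        if not rule_matches(req, rule):
            continue
        if rule.action in ("block", "allow") and decision is None:
            decision, deciding = rule.action, rule.name
        if rule.action in SEVERITY:
            # Test-mode events are low severity and never notify, as the page describes.
            events.append({"rule": rule.name, "severity": SEVERITY[rule.action],
                           "notify": rule.action != "test"})
    return decision or "allow", deciding, events


# Constructed sample rules, mirroring the page's examples.
RULES = [
    # Two conditions on different parts, ANDed: an /admin/ URL without the internal marker header.
    Rule("admin-without-internal-marker", "block", [
        Condition("url", "matches_pattern", r"^/admin/"),
        Condition("header", "does_not_match_exactly", "true", name="X-Internal-Request"),
    ]),
    # The page's example: allow requests whose method is not GET, PUT or POST.
    Rule("allow-other-methods", "allow", [
        Condition("method", "does_not_match_pattern", r"^(GET|PUT|POST)$"),
    ]),
    # A migrated legacy WAF rule still in "Mark for testing".
    Rule("legacy-waf-ua-rule", "test", [Condition("user_agent", "contains_string", "curl/")]),
]


def demo():
    """Run three constructed requests through RULES and return the outcomes."""
    reqs = [
        Request("GET", "/admin/users", "app.example.com",
                headers={"User-Agent": "curl/8.4.0", "X-Internal-Request": "false"}),
        Request("OPTIONS", "/api/health", "app.example.com", headers={"User-Agent": "Mozilla/5.0"}),
        Request("GET", "/admin/users", "app.example.com",
                headers={"User-Agent": "Mozilla/5.0", "X-Internal-Request": "true"}),
    ]
    return [evaluate_rules(r, RULES) for r in reqs]


if __name__ == "__main__":
    for outcome in demo():
        print(*outcome)
```

The third request shows the AND semantics: its URL satisfies the first condition, but the header condition fails, so the block rule does not fire. The first request shows test mode alongside a real block: the legacy rule records a low-severity, non-notifying event that you can review before promoting the rule to block.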

Review and Submit

In the final step, review and submit the policy. If, during the review, you wish to edit any criteria, click the edit button shown in the screenshot below.
