Third-party rules can be uploaded to the LoadMaster. You can also write your own custom rules, which can be uploaded. These rules must be in the ModSecurity rule format to upload correctly. The Custom Rules screen enables you to upload WAF Custom Rules (.conf) and associated WAF Custom Rule Data (.data or .txt) files. The first character in the filename must be an alpha character or an underscore (_). The other characters in the filename can include full stops (.) or dashes (-). You can also upload gzip-compressed Tarball files (.tar.gz) that contain multiple rule and data files.

Note: We do not recommend using the WAF rule "redirect" action in custom rules because of the impact this has on system performance. You should use content rules instead for that purpose.
Note: Based on OWASP recommended best practices, the order of WAF rule processing was changed in LoadMaster firmware version 7.2.57. As of 7.2.57, custom rules are processed before the OWASP CRS rules.

To check the order that the rules are processed in:

  1. Go to System Configuration > Logging Options > System Log Files > Debug Options and click the Enable Logging button next to Enable WAF Debug Logging.

    CAUTION: Be aware that enabling the WAF debug logging option will generate logs that may include Personally Identifiable Information as defined under the General Data Protection Agreement (EU GDPR). You should follow your organization's best practice to protect this information, which may include anonymizing, deleting, or encrypting the data within the logs.
  2. When WAF debug logging is enabled and WAF debug logs exist, the WAF Debug Log File option becomes available in the System Log Files screen. Click View to view the WAF debug log file.
  3. You can see what order the rules are processed in. Lines that say Invoking rule specify when the rule was processed.

To upload rule and data files, follow the steps below:

  1. In the main menu, go to Web Application Firewall > Custom Rules.

  2. To upload custom rules, in the Installed Rules section, click Choose File.

    Individual rules can be uploaded as .conf files. Alternatively, you can upload a package of rules in a .tar.gz file.

    Note: Rules listing IP addresses with the /32 subnet mask are not supported and will not upload successfully.
  3. Browse to and select the rule file(s) to be uploaded.
  4. Click Add Ruleset.
  5. To upload any additional data files, in the WAF Custom Rule Data section, click Choose File.

    The additional files are for the rules’ associated data files. If you uploaded a Tarball, the rules and data files can be packaged together.

  6. Browse to and select the additional data files to be uploaded.
  7. Click Add Data File.
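
The constraints above (filename format, supported extensions, no /32 masks in rules, no "redirect" action) can be checked before uploading. The following pre-upload check is an added example, not Kemp code. The function names, the sample rules, and the assumption that characters after the first are limited to alphanumerics, underscores, full stops and dashes are all illustrative.

```python
import io
import re
import tarfile

# Page rule: first character is alpha or "_". Limiting the remaining characters
# to alphanumerics, "_", "." and "-" is an assumption of this example.
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_.-]*$")
ALLOWED_EXT = (".conf", ".data", ".txt")
HOST_MASK_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}/32\b")
REDIRECT_RE = re.compile(r"\bredirect:")

def lint_file(name, text):
    """Return findings for one rule (.conf) or data (.data/.txt) file."""
    base = name.rsplit("/", 1)[-1]
    findings = []
    if not NAME_RE.match(base):
        findings.append(f"{name}: invalid filename")
    if not base.endswith(ALLOWED_EXT):
        findings.append(f"{name}: not a .conf, .data or .txt file")
    if base.endswith(".conf"):
        for no, line in enumerate(text.splitlines(), 1):
            if line.lstrip().startswith("#"):
                continue  # ModSecurity comment line
            if HOST_MASK_RE.search(line):
                findings.append(f"{name}:{no}: /32 mask is not supported")
            if REDIRECT_RE.search(line):
                findings.append(f"{name}:{no}: redirect action is not recommended")
    return findings

def lint_upload(name, payload):
    """Lint one file, or every regular file inside a .tar.gz package (bytes)."""
    if not name.endswith(".tar.gz"):
        return lint_file(name, payload.decode("utf-8", "replace"))
    findings = [] if NAME_RE.match(name) else [f"{name}: invalid filename"]
    with tarfile.open(fileobj=io.BytesIO(payload), mode="r:gz") as tar:
        for member in tar.getmembers():
            if member.isfile():
                text = tar.extractfile(member).read().decode("utf-8", "replace")
                findings += lint_file(member.name, text)
    return findings

# Constructed sample rules (not from the page); IDs and addresses are made up.
SAMPLE_CONF = (
    'SecRule REMOTE_ADDR "@ipMatch 192.0.2.10/32" "id:100001,phase:1,deny"\n'
    'SecRule REQUEST_URI "@beginsWith /old" "id:100002,phase:1,redirect:https://example.com/"\n'
    'SecRule REMOTE_ADDR "@ipMatch 198.51.100.0/24" "id:100003,phase:1,deny"\n'
)
```

Calling lint_upload("site_rules.conf", SAMPLE_CONF.encode()) reports the /32 mask on line 1 and the redirect action on line 2; an empty list means none of the checked constraints were violated.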

The rules are now available to assign within the Virtual Services modify screen. Refer to the next section to determine how to configure the Virtual Service to use the installed rules.

Delete/Download a Custom Rule or Data File

Custom rules and data files can be deleted or downloaded by clicking the relevant buttons.

Note: If a rule is assigned to a Virtual Service, you cannot delete it.