Creating Your First Firewall Rule

This tutorial will guide you through creating your first custom firewall rule in Peakhour. By the end of this tutorial, you will have a functional rule that blocks traffic from specific countries, a common security measure to reduce unwanted traffic and attacks.

  • Duration: 10 minutes
  • Prerequisites: A Peakhour account with an active domain.
  • Learning Goals: Understand the components of a firewall rule, create a rule using the rule builder, and verify that it is working.

Understanding Firewall Rules

A firewall rule in Peakhour consists of three main parts:

  1. Name: A descriptive name to help you identify the rule's purpose.
  2. Expression: The condition that determines when the rule should be applied. It is written in the Wirefilter language.
  3. Action: What to do when the expression is true. Common actions are deny (block), allow, or challenge (present a JavaScript challenge).

Rules are evaluated in order of priority, from top to bottom. The first rule that matches a request will have its action executed, and no further rules will be evaluated.

  1. Log in to your Peakhour dashboard.
  2. Select the domain you want to protect from the domain list.
  3. In the main navigation, go to Rules Engine > All Rules.
  4. Ensure you are on the Firewall phase tab.

Create a New Rule

We will create a rule to block traffic from a few high-risk countries.

  1. Click the Add New Rule button.
  2. A form will appear to create your new rule.

Configure the Rule

Fill in the rule details as follows:

  1. Rule Name: Enter a descriptive name, for example, Block High-Risk Countries.
  2. Filter (Expression): This is where you define the condition. We will use the rule builder to create it.
    • In the first dropdown, select Country.
    • In the second dropdown, select is in.
    • In the text box, type the two-letter country codes for the countries you want to block, separated by commas. For this example, let's use Russia, China, and North Korea: RU, CN, KP.
    • The generated Wirefilter expression will look like this: ip.geoip.country in {"RU", "CN", "KP"}.
  3. Actions: This defines what happens when the rule matches.
    • Select the Deny action.
    • You can optionally provide a Reason for the block, which can be useful for logging and debugging. For example: Access denied from this country.
  4. Enabled: Make sure the "Enabled" checkbox is ticked to activate the rule immediately.

Your final rule configuration should look something like this:

  • Rule Name: Block High-Risk Countries
  • Filter: ip.geoip.country in {"RU", "CN", "KP"}
  • Action: Deny
  • Reason: Access denied from this country
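
Because the first matching rule wins, where this rule sits relative to others decides what a request actually gets. The sketch below is an added example, not Peakhour's code: it models only the `field in {...}` expression form shown above and the top-to-bottom, first-match evaluation described earlier. The "Challenge China Traffic" rule, the sample requests, and the no-match result are constructed for illustration.

```python
import re

# Only the expression form shown in this tutorial: <field> in {"A", "B", ...}
_IN_SET = re.compile(r'^\s*([\w.]+)\s+in\s+\{([^}]*)\}\s*$')

def parse_in_set(expression):
    """Split `field in {"X", "Y"}` into (field, frozenset of values)."""
    m = _IN_SET.match(expression)
    if not m:
        raise ValueError(f"unsupported expression: {expression!r}")
    values = frozenset(re.findall(r'"([^"]*)"', m.group(2)))
    if not values:
        raise ValueError(f"no quoted values in: {expression!r}")
    return m.group(1), values

def evaluate(rules, request):
    """Check rules top to bottom; the first match decides and evaluation stops."""
    for name, expression, action in rules:
        field, values = parse_in_set(expression)
        # Model assumption: a request with no value for the field does not match.
        if request.get(field) in values:
            return action, name
    return None, None  # no rule matched

def shadowed(rules):
    """Report (rule, value, earlier rule) where an earlier rule already claims the value."""
    claimed, findings = {}, []
    for name, expression, _action in rules:
        field, values = parse_in_set(expression)
        for value in sorted(values):
            if (field, value) in claimed:
                findings.append((name, value, claimed[(field, value)]))
            else:
                claimed[(field, value)] = name
    return findings

# Constructed rule list: the first rule is hypothetical, the second is the tutorial's.
RULES = [
    ("Challenge China Traffic", 'ip.geoip.country in {"CN"}', "challenge"),
    ("Block High-Risk Countries", 'ip.geoip.country in {"RU", "CN", "KP"}', "deny"),
]

if __name__ == "__main__":
    for country in ("CN", "RU", "AU", None):  # constructed sample requests
        request = {"ip.geoip.country": country} if country else {}
        print(country, "->", evaluate(RULES, request))
    for rule, value, earlier in shadowed(RULES):
        print(f'"{value}" in "{rule}" never fires; "{earlier}" matches first')
```

With this ordering a request from CN is challenged rather than denied; moving the deny rule above the challenge rule reverses that.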

Save and Deploy the Rule

  1. Click the Save button to add the rule to your staged changes.
  2. A banner will appear at the top of the page: "You have uncommitted changes...".
  3. Enter a descriptive Commit message, such as "Added rule to block high-risk countries".
  4. Click Commit.

Your new rule will be deployed globally within a few minutes.

Verify the Rule

You can verify that your rule is working by checking the Firewall Events.

  1. Navigate to Analytics & Logs > Events > Firewall Events.
  2. After some time, if traffic from the blocked countries attempts to access your site, you will see events in the log where the "By" column shows "Firewall" and the "Action" is "block".
  3. You can group the events by Country to see a summary of blocks per country.

Congratulations! You have successfully created and deployed your first firewall rule to enhance your website's security. You can now create more complex rules to protect your site from a wide range of threats.