Match type can be used to select a trusted list of client IPs or client IP groups. This section explains configuration of Match Type.
Client IP
To configure a match rule for the client IPs.
-
Select the match type as Client IP under Add Match Type.
-
Select Is or Is Not to provide permissions accordingly.
-
Click the drop-down menu under Value.
-
Select either Custom Value and enter the IP Addresses manually or select Internal.
This client IP match type supports IP Groups. For more information, see IP Group topic in the VMware NSX Advanced Load Balancer Configuration Guide.
HTTP Method
Use this to select only specific types of HTTP requests using the HTTP request methods like GET, CONNECT, DELETE, and more.
To define WAF Allowlist rules based on HTTP Method.
-
Select the match type as HTTP Method under Add Match Type.
-
Select Is or Is Not to match or negate the selection under Method.
-
Select one or more methods under Method field as shown below.
Path
To configure WAF Allowlist for specific URLs.
-
Select the match type as Path under Add Match Type.
-
Select the Criteria and String Group or Custom Stringwhich needs to be matched in the URL. For example, select Begins with and enter /application in the String Group or Custom String field, to allow all URLs with this prefix.
-
Select Match Case to enable case sensitivity.
Host Header
Use this method to apply rules to only requests that match the specified host header criterion.
To configure WAF Allowlist for specific Host Headers.
-
Select the Match Type as Host Header under Add Match Type.
-
Select the Criteria which need to be matched in the URL.
-
Enter the Value.