Walter.BOM Namespace
Walter.Web.FireWall Namespace
ASP-WAF | .Net API for WAF Systems

RuleNumber Enumeration

A static class used to map rule numbers to rule names (reference only)

Namespace:  Walter.Web.FireWall
Assembly:  Walter.Web.FireWall (in Walter.Web.FireWall.dll)


public enum RuleNumber


Member nameDescription
None No rule applied
CrossSiteRequest Accessing a resource from outside the domain (cross site) is rejected if the domain is not white-listed
SaltHeader If Request contains a Salt header then Match UserSalt with header
SaltCookie If Request contains a Salt header as well as a Salt Cookie then Match UserSalt with header and salt cookie
SessionHeader If Request has SessionId header then it should Match the Page Session Hash
SessionCookie If Request has SessionId header then Match Page Session Hash and user Cookie Session hash
PageGroupHeader If Request has PageRequest Group Header then Match to Page was send to user
PageGroupCookie If Request has PageRequest Group Header and CookieWas set then Match to Page was send to user
AddHockRequests If resource referred by other domain then this must be enabled on the endpoint
DistributedDenialOfService The same page would only be visited a given time in a given time span by users that do not interact with the page
HitRatioViolation The same page would only be visited so many times by a user in a given time in a given time span
RejectKnowsMaliciousUsers The user should not be flagged as malicious by database, cookie or session storage
RefreshViolations The same page has been refreshed to often
PenetrationAttempt The user provided a url that looks like a penetration attempt was made
Scrubbing The user is not supposed to data-mine the provided data
WrongProtocol The wrong protocol
WrongUserType Wrong user type
BlockedGeography If the requested resource or the firewall doesn't allow access from a geographical region then intervene
UserGenerated User generated block request
FilterActionProtectorViolation Action Protector filters rejected the request
ModelFilterViolation Model did not contain a page request in the proper association
LimitedReferrersOnly The resource or AJAX endpoint is accessed from a location that was not white-listed for the endpoint with the annotation
NotSupportedHandler A Handler was called that is not supported
PhishyRequest A Phishy request was detected
AgentsConsideredMalicious A bad browser was used
PoisonedCookies The user provided a cookies have been altered, looks penetration attempt are made
AgentsReputationBlocksAccess the agents reputation blocks access to the resource
NavigationOutsideRenederedSiteMap The user navigated to a link that was not provided to him
RejectPortScanners The reject port scanners
RejectHoneyPotTraps accessed a link that was set to be a honey pot
RejectAPIAccess API access is not allowed
RejectAccessForISP Internet service provider is blocked
RejectAccessUAForISP Internet service provider blocks User Agent
RejectTCPResetAttacks a possible TCP reset attack received
TCPResetAttack A TCP reset attack detected
BlacklistedUser The user was blacklisted
BlacklistedIPAddress The IP address was blacklisted
BlacklistedInterNetServiceProvider The Internet service provider was blacklisted
BlacklistedCountry The country was blacklisted
CSPReportGeneratedByBrowser The browser triggered a CSP violation
PortPhishyRequest A request from a source intercepted that attempted to access the application as well as monitored non application ports
CommonVulnerabilitiesExposuresExploits A known Common Vulnerabilities and Exposures exploits (CVE)
RejectTorNodes The reject tor nodes


Please note that rule numbers can be updated when the firewall get's updated or the subscription engine provides rules that are not included in this list