
Firewall Use Cases

This tutorial covers common use cases for the Firewall phase in Peakhour.IO.

1. Block Requests from Specific Countries

This filter identifies requests from specific countries:

ip.geoip.country in {"RU", "CN", "KP"}:

The configuration denies access to these requests:

firewall.deny:
  reason: "Access denied from this country"

2. Allow Only Specific IP Ranges

This filter identifies requests from a trusted IP list:

ip.src in $trusted_ips

The configuration allows access to these requests:

firewall.allow:
  reason: "Access allowed from trusted IP"

To use this configuration, create an IP list named "trusted_ips" with your allowed IP ranges:

192.168.0.0/16
10.0.0.0/8
172.16.0.0/12

For more information on creating and managing rule lists, see the Rule Lists documentation.
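
A local sanity check for the list contents before you upload them, as an added example that is not Peakhour code. It assumes one CIDR entry per line; `parse_ip_list`, `redundant_entries` and `is_trusted` are hypothetical helper names, and how Peakhour itself parses list entries is not shown on this page.

```python
import ipaddress

# The list entries shown above, one CIDR per line.
TRUSTED_IPS = """\
192.168.0.0/16
10.0.0.0/8
172.16.0.0/12
"""

def parse_ip_list(text):
    """Return (networks, errors) for a newline-separated CIDR list."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.1/8,
            # which usually means a single host was meant or the prefix is a typo.
            networks.append(ipaddress.ip_network(entry, strict=True))
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
    return networks, errors

def redundant_entries(networks):
    """Pairs (narrow, broad) where an entry is already covered by a broader one."""
    pairs = []
    for a in networks:
        for b in networks:
            if a.version == b.version and a != b and a.subnet_of(b):
                pairs.append((a, b))
    return pairs

def is_trusted(addr, networks):
    """Local equivalent of testing a source address against the list."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in networks)

if __name__ == "__main__":
    nets, errs = parse_ip_list(TRUSTED_IPS)
    print("parsed:", [str(n) for n in nets], "errors:", errs)
    # Constructed sample addresses: two private, one just outside 172.16.0.0/12,
    # one public documentation address.
    for sample in ("10.1.2.3", "172.31.255.255", "172.32.0.1", "203.0.113.7"):
        print(sample, "->", "match" if is_trusted(sample, nets) else "no match")
```

The three ranges in the list above are the RFC 1918 private ranges, so a public client address such as 203.0.113.7 does not match them.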

3. Block Known Bad User Agents

This filter identifies requests with specific user agent strings:

http.user_agent matches "*bad-bot*":

The configuration denies access to these requests:

firewall.deny:
  reason: "Suspicious user agent detected"

4. Implement Rate Limiting

This configuration implements rate limiting:

rate_limit.check_zone:
  zone: "global"
  key: 
    - type: "ip"
  action:
    type: "block"
    status_code: 429

The configuration checks if the request exceeds the rate limit for the "global" zone, using the IP address as the key. If the limit is exceeded, it blocks the request with a 429 status code.

These examples demonstrate how to use the Firewall phase to protect your application from various threats and control access based on different criteria.