Rule Lists Use Cases

This tutorial covers common use cases for Rule Lists in Peakhour.IO.

1. Create a Trusted IP List for Administrative Access

Create an IP list named "admin_ips" with the following entries:

10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
203.0.113.42

Use this list in a firewall rule:

ip.src in $admin_ips

Configuration:

firewall.allow:
  reason: "Administrative access allowed"

2. Block Known Bad User Agents

Create a text list named "bad_user_agents" with the following entries:

BadBot/1.0
MaliciousCrawler/2.1
SuspiciousClient/0.9

Use this list in a firewall rule:

http.user_agent in $bad_user_agents

Configuration:

firewall.deny:
  reason: "Suspicious user agent detected"

3. Rate Limit Requests from Non-Trusted ASNs

Create an integer list named "trusted_asns" with the following entries:

13335
16509
14618

Use this list in a rate limiting configuration:

not (ip.geoip.asnum in $trusted_asns)

Configuration:

rate_limit.add_zone:
  zone: "untrusted_asn"
  key: 
    - type: "ip"
rate_limit.check_zone:
  zone: "untrusted_asn"
  action:
    type: "block"
    status_code: 429

These examples demonstrate how to use Rule Lists to create flexible and maintainable configurations in Peakhour.IO. For more information on creating and managing rule lists, see the Rule Lists documentation.