Dashboard: Filter configuration

In the Filter configuration of the Qrator Labs personal dashboard, you can configure filtering requests to the selected domain or service. Filtering can be performed based on HTTP headers, countries of request origin, or user defined rules.

Filter by HTTP headers

The filters allow to automatically form dynamic black and white lists of users' IP addresses based on the User-Agent and Referer headers. These dynamic lists control how the Qrator Labs network will process future requests from the same IP addresses, even when the IP addresses are not added manually to IP lists.

Each rule is checked independently of other rules. If at least one rule is triggered for the white list, the requests from the user are considered legitimate. If at least one rule is triggered for the black list, all requests from the user after the current request are considered illegitimate. Other cases are processed by the Qrator Labs network as usual.

The white list rules have higher priority than the black list rules.

Add a rule

  1. Select the domain in Domains or service in Services.

  2. Select Filter configuration.

  3. Next to the HTTP Headers section title, enable the checkbox if it is not yet enabled.

  4. Next to a list of rules, click Add rule.

  5. Fill out the following fields:

    • Header to test: User-Agent or Referer.
    • The test method:
      • = (equals) β€” the header must have the exact value entered in the text field.
      • Contains β€” the header value must include the substring entered in the text field.
      • Is Empty β€” the header must not be specified.
    • The string used for the test.
  6. To save the changes, click Save in the notification at the bottom of the screen.

    The changes will be applied within a few minutes.

Delete a rule

  1. Select the domain in Domains or service in Services.

  2. Select Filter configuration.

  3. In the HTTP Headers section, find the rule you want to delete and click next to the rule.

  4. To save the changes, click Save in the notification at the bottom of the screen.

    The changes will be applied within a few minutes.

Disable filtering by headers

  1. Select the domain in Domains or service in Services.

  2. Select Filter configuration.

  3. Next to the HTTP Headers section title, disable the checkbox.

  4. To save the changes, click Save in the notification at the bottom of the screen.

    The changes will be applied within a few minutes.

Filter by country

This filter allows you to limit access to the resource for users from specific countries. The source country of the request is determined by the IP address using the [MaxMind GeoIP] database (https://www.maxmind.com/en/geoip2-services-and-databases).

Note that the geo-filter is ignored when the user's IP address is in the black or white IP list.

Enable filtering by country

  1. Select the domain in Domains or service in Services.

  2. Select Filter configuration.

  3. Next to the Geo-filters section title, enable the checkbox if it is not yet enabled.

  4. In the dropdown list, select the filtering mode:

    • Allow requests only from the specified countries.
    • Deny requests from the specified countries.

    In both cases, the first request from a user will be considered legitimate, but after it, the IP address will be blacklisted if it does not match the condition. If the reverse HTTPS proxy is used without key disclosure, the IP address will be blacklisted after receiving the logs for the first request, which may cause an additional delay.

  5. Edit the list of countries. The countries in the list are represented by codes according to [ISO 3166] standard (https://en.wikipedia.org/wiki/ISO_3166), for example, the code FR is used for France.

    • To add a country to the list, click its code in the dropdown list. To search for the desired country, type one or both of the letters of its code in the text field.
    • To delete a country from the list, click the X mark next to its code.
  6. To save the changes, click Save in the notification at the bottom of the screen.

    The changes will be applied within a few minutes.

Disable filtering by country

  1. Select the domain in Domains or service in Services.

  2. Select Filter configuration.

  3. Next to the Geo-filters section title, disable the checkbox.

  4. To save the changes, click Save in the notification at the bottom of the screen.

    The changes will be applied within a few minutes.

User defined rules

In the User defined rules section, you can configure conditions for blacklisting or whitelisting IP addresses based on a large amount of properties from both requests and responses (see the list below). You can also combine the conditions into more complex rules using the AND, OR, and NOT logical operations.

The conditions are being checked at the moment of sending the response from the upstream to the user. If the request and the response match the conditions, the selected action will be applied to the future requests from the same IP address.

  1. Select the domain in Domains or service in Services.

  2. Select Filter configuration.

  3. Next to the User defined rules section title, enable the checkbox if it is not yet enabled.

  4. Configure the list of rules.

    To add a rule, click Add rule at the bottom of the page. To delete a rule, click next to the rule.

  5. To save the changes, click Save in the notification at the bottom of the screen.

    The changes will be applied within a few minutes.

Available actions for rules are:

  • Whitelist β€” send the response to the current request, ignoring other filters and the black list.
  • Blacklist β€” send the response to the current request, but blacklist the IP address for the future requests.
  • RateLimit β€” limit the requests frequency according to the Leaky bucket algorithm. When this action is selected, you can specify the Rate and Burst values for the algorithm.

Available condition types:

  • nested condition groups:

    • AND β€” the condition is matched when all the nested conditions are matched.
    • OR β€” the condition is matched when at least one nested condition is matched.
    • NOT β€” the condition is matched when the nested condition is not matched.
  • request property tests:

    • Method β€” the request's HTTP method.
    • Path β€” the path to which the request was made.
    • Query β€” the string containing the GET arguments.
    • Request Uri β€” the full request URI. Includes the protocol, Host, Path, and Query.
    • Host β€” the host to which the request was made.
    • Header β€” the value of an arbitrary HTTP header from the request. The header name is entered in the first text field.
    • Cookie β€” the value of an arbitrary cookie from the request. The cookie name is entered in the first text field.
    • User Agent β€” the value of the User-Agent header from the request.
    • Referer β€” the value of the Referer header from the request.
    • Content Length β€” the value of the Content-Length header from the request.
    • Geo β€” the source country of the request. You can select multiple countries in the dropdown list. The source country of the request is determined by the IP address using the [MaxMind GeoIP] database (https://www.maxmind.com/en/geoip2-services-and-databases).
  • response property tests:

    • Status β€” the response's HTTP status code.
    • Duration β€” the time spent waiting for the upstream response.
    • Response Header β€” the value of a HTTP header from the response. Only the Location and Content-Type headers are supported. The header is selected in the first field.

Different operations are available for different properties. For example, for any text property, you can select != (test for an exact match), startsWith (test for a prefix match), etc. For a numeric property, you can select > (strictly greater than), >= (greater than or equal), etc. For properties related to HTTP headers and Cookies, the operations include exist and notExists which test the existence of the header.

Most operations require parameters, such as the string to compare to. All parameters must be filled.

Configuration example

Example

In this example:

  • The client detected a big amount of automated requests that had the substring https://example.com/ in their Referer header, so they decided to automatically blacklist all IP addresses that send such requests.

  • The client added a rule for automatic whitelisting all IP addresses from which they get requests with the value CustomTestTool in the User-Agent header. For example, if the client configures their testing tools so that they use this header, it will prevent false positives when Qrator Labs will analyze the test requests.

  • The client only works with users from Russia, so the IP addresses from other countries are automatically blacklisted.

  • The client decided to blacklist IP addresses if they sent requests to the main page without the User-Agent requests and processing them took more than 1 second.