Configuring Flow Rules
Once Web Protection is active for your web application, you can begin defining Flow Rules — the policies that decide how incoming traffic is inspected, challenged, transformed, or blocked before it reaches your origin server.
This guide is a complete reference covering every field, tab, and option in the Flow Rules editor.
Before You Begin
- You should have an active Web Protection instance in your GatewaySentry account. If you haven't set one up yet, see Adding Web Protection.
- You should have a clear idea of the traffic policy you want to apply (e.g., paths to protect or rate limits to enforce).
How Flow Rules Work
Every Web Protection instance has a Flow — an ordered list of rules that are evaluated top-to-bottom for every incoming request.
Each rule is built from three parts:
| Part | Purpose |
|---|---|
| WHEN — Match conditions | Decides which requests this rule applies to |
| DO — Rule behavior | Defines what GatewaySentry does to matching requests |
| THEN — What happens next | Decides whether to keep evaluating other rules or stop |
How rules combine: A Continue rule applies its config and then keeps evaluating later rules, so configs stack on top of each other. A Stop rule applies its config and halts evaluation. A Deny rule ignores config entirely and immediately returns a 403 Forbidden.
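The evaluation order above can be modelled in Python to show one consequence of it: a Deny rule placed below a broader Stop rule is never evaluated. This is an added example, not GatewaySentry code; the `Rule` fields, prefix-only matching, the `rate_limit` and `challenge` setting names, and same-key override when configs stack are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Rule:
    name: str
    path_prefix: str   # WHEN: assumed match condition (path prefix only)
    then: str          # THEN: "continue", "stop" or "deny"
    config: dict = field(default_factory=dict)  # DO: assumed setting names

def evaluate(flow, path):
    """Walk the flow top to bottom; return (outcome, effective_config, trace)."""
    effective, trace = {}, []
    for rule in flow:
        if not path.startswith(rule.path_prefix):
            continue
        trace.append(rule.name)
        if rule.then == "deny":        # config is ignored, request is refused
            return "403 Forbidden", {}, trace
        effective.update(rule.config)  # stacking; same-key override is an assumption
        if rule.then == "stop":        # no later rule is evaluated
            break
    return "forward to origin", effective, trace

def shadowed_rules(flow):
    """Pairs (rule, blocker): an earlier Stop or Deny rule matches every
    path the later rule matches, so the later rule can never run."""
    found = []
    for i, later in enumerate(flow):
        for earlier in flow[:i]:
            if (earlier.then in ("stop", "deny")
                    and later.path_prefix.startswith(earlier.path_prefix)):
                found.append((later.name, earlier.name))
                break
    return found

# Constructed sample flow: the Deny rule sits below a broader Stop rule.
FLOW = [
    Rule("site-defaults", "/", "continue", {"rate_limit": 100}),
    Rule("api-tuning", "/api/", "stop", {"rate_limit": 20, "challenge": True}),
    Rule("block-admin-api", "/api/admin/", "deny"),
]
# Same rules with the Deny moved above the Stop.
FIXED = [FLOW[0], FLOW[2], FLOW[1]]

if __name__ == "__main__":
    for label, flow in (("original", FLOW), ("reordered", FIXED)):
        print(label, evaluate(flow, "/api/admin/users"), shadowed_rules(flow))
```

In the original order a request for `/api/admin/users` is forwarded with the API settings applied; after reordering it is refused, and `shadowed_rules` reports nothing.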
Walkthrough
Follow these steps in order to add and save a flow rule.
- Step 1 — Open the Flow Editor
- Step 2 — WHEN: Define Match Conditions
- Step 3 — DO: Configure Rule Behavior
- Step 4 — THEN: Decide What Happens Next
- Step 5 — Save Your Rule
Operations
- Managing Rules — Reorder, duplicate, and delete rules in your flow.
Guidance
- Best Practices — Recommendations for rule ordering, gradual rollout, and avoiding common pitfalls.
Need Help?
If you run into unexpected behavior with your Flow Rules, or need help designing a policy for a specific use case, please reach out to GatewaySentry Support.