Skip to content

Configuring Flow Rules

Once Web Protection is active for your web application, you can begin defining Flow Rules — the policies that decide how incoming traffic is inspected, challenged, transformed, or blocked before it reaches your origin server.

This guide is a complete reference covering every field, tab, and option in the Flow Rules editor.


Before You Begin

  • You should have an active Web Protection instance in your GatewaySentry account. If you haven't set one up yet, see Adding Web Protection.
  • You should have a clear idea of the traffic policy you want to apply (e.g., paths to protect or rate limits to enforce).

How Flow Rules Work

Every Web Protection instance has a Flow — an ordered list of rules that are evaluated top-to-bottom for every incoming request.

Each rule is built from three parts:

Part Purpose
WHEN — Match conditions Decides which requests this rule applies to
DO — Rule behavior Defines what GatewaySentry does to matching requests
THEN — What happens next Decides whether to keep evaluating other rules or stop

How rules combine: A Continue rule applies its config and then keeps evaluating later rules — configs stack on top of each other. A Stop rule applies its config and freezes evaluation. A Deny rule ignores config entirely and immediately returns a 403 Forbidden.


Walkthrough

Follow these steps in order to add and save a flow rule.

  1. Step 1 — Open the Flow Editor
  2. Step 2 — WHEN: Define Match Conditions
  3. Step 3 — DO: Configure Rule Behavior
  4. Step 4 — THEN: Decide What Happens Next
  5. Step 5 — Save Your Rule

Operations

  • Managing Rules — Reorder, duplicate, and delete rules in your flow.

Guidance

  • Best Practices — Recommendations for rule ordering, gradual rollout, and avoiding common pitfalls.

Need Help?

If you run into unexpected behavior with your Flow Rules, or need help designing a policy for a specific use case, please reach out to GatewaySentry Support.


Next: Step 1 — Open the Flow Editor →