waf.blocked

BOOL, can be read and set, but not unset.

Deprecated

Deprecated. Available inpassmissdeliverlogerror

Set to true by the WAF when a request is flagged for blocking.

Requests will be flagged for blocking after a qualifying rule is matched, which must be either:

  • a strict rule, configured in blocking mode, whose pattern matches the current request; or
  • a threshold rule, configured in blocking mode, where the associated category anomaly score is above the threshold configured for the rule.

For example, a strict rule configured to look for "<script>" in the request path and set to blocking mode would flag a request for /foo/<script>. A similar scoring rule would not flag the request, but would add value to waf.xss_score (category-specific score) and waf.anomaly_score (overall anomaly total). The threshold rule for waf.xss_score may then be matched if the score exceeds the configured threshold.

In the waf_debug_log subroutine, the value of this variable indicates whether any rule processed so far has flagged the request for blocking, and not whether any individual rule has done so.

This variable is write-once. A second attempt to set it will not change the value.

User contributed notes

BETA

Do you see an error in this page? Do you have an interesting use case, example or edge case people should know about? Share your knowledge and help people who are reading this page! (Comments are moderated; for support, please contact Fastly support)