waf.blocked

BOOL, can be read and set, but not unset.

Deprecated

Deprecated. Available inpassmissdeliverlogerror

Set to true by the WAF when a request is flagged for blocking.

Requests will be flagged for blocking after a qualifying rule is matched, which must be either:

  • a strict rule, configured in blocking mode, whose pattern matches the current request; or
  • a threshold rule, configured in blocking mode, where the associated category anomaly score is above the threshold configured for the rule.

For example, a strict rule configured to look for "<script>" in the request path and set to blocking mode would flag a request for /foo/<script>. A similar scoring rule would not flag the request, but would add value to waf.xss_score (category-specific score) and waf.anomaly_score (overall anomaly total). The threshold rule for waf.xss_score may then be matched if the score exceeds the configured threshold.

In the waf_debug_log subroutine, the value of this variable indicates whether any rule processed so far has flagged the request for blocking, and not whether any individual rule has done so.

This variable is write-once. A second attempt to set it will not change the value.