Forum Discussion

小白's avatar
Icon for Cirrus rankCirrus
Feb 24, 2022

Execution order of policy

Hi,I know that for a program, there must be a sequence of execution, so what is the sequence of ASM policy?I want to know the order of various protection strategies in a policy. For example, compared with SQL injection and XPath injection, who takes effect first, and what is the order of other protection strategies?

2 Replies

  • Hi, Is there a particular function you would like to know this for? It may help get you to the answer. 

    Do keep in mind though that the WAF system works on an "all-match" strategy (all components that are active and get matched will be reported), rather than a "first-match" strategy (like a firewall policy). 

    • 小白's avatar
      Icon for Cirrus rankCirrus

      Obviously, when the blacklist and injection exist at the same time, the blacklist must take effect first, isn't it? Then I believe there is a sequence for the same strategy