- 26 Aug 2023
ShieldID Rules Configuration
ShieldID is accessible for Tenant Administrators by navigating to Configuration > Security > ShieldID.
ShieldID comes with Out-of-the-Box, pre-configured rule sets and configurable policies to protect RapidIdentity users from foreign threats, anonymous traffic and malicious bots.
Rules determine how every web request is handled when matching the criteria defined in the rule and are evaluated and acted upon in priority order.
Rules are evaluated with every web request and, once a rule is matched, no further rule evaluations are performed for that web request.
Rule Priority 0 - Allowed IP Addresses
Use this rule to explicitly allow specific IP Addresses or a Range of IP Addresses into RapidIdentity.
Click the 3 ellipses ( ⋮ ) next to the rule name and select Edit to begin.
In the IP addresses text box, enter one IP address or IP address range per line, in CIDR notation, and click Add.
ShieldID supports all IPv4 and IPv6 CIDR ranges except for /0.
To remove an IP Address or Range from the rule, click the 3 ellipses ( ⋮ ) next to the IP Address or Range and select Delete.
Click Save when done.
Rule Priority 1 - Blocked IP Addresses
Use this rule to explicitly block specific IP Addresses or a Range of IP Addresses from accessing RapidIdentity.
Click the 3 ellipses ( ⋮ ) next to the rule name and select Edit to begin.
In the IP addresses text box, enter one IP address or IP address range per line, in CIDR notation, and click Add.
ShieldID supports all IPv4 and IPv6 CIDR ranges except for /0.
To remove an IP Address or Range from the rule, click the 3 ellipses ( ⋮ ) next to the IP Address or Range and select Delete.
Click Save when done.
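Because the allow rule (priority 0) is evaluated before the block rule (priority 1), a blocked range that overlaps an allowed range has no effect for the overlapping addresses. The following is an added example, not ShieldID code: it checks two lists in the one-entry-per-line format before they are pasted into the rule editor. The function names, the sample ranges, the acceptance of bare addresses as single-host ranges, and the strict host-bits check are assumptions of this example.

```python
import ipaddress

def parse_cidr_lines(text):
    """Parse one IP address or CIDR range per line; return (networks, errors)."""
    networks, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        entry = raw.strip()
        if not entry:
            continue
        try:
            # strict=True rejects entries with host bits set, e.g. 10.0.0.5/24
            # (a hygiene choice of this example, not a documented ShieldID rule)
            net = ipaddress.ip_network(entry, strict=True)
        except ValueError as exc:
            errors.append((lineno, entry, str(exc)))
            continue
        if net.prefixlen == 0:
            # The page states that /0 is the one unsupported prefix length.
            errors.append((lineno, entry, "/0 ranges are not supported"))
            continue
        networks.append(net)
    return networks, errors

def shadowed_blocks(allowed, blocked):
    """Return (blocked, allowed) pairs whose address ranges overlap.

    Evaluation stops at the first matching rule, so addresses in the overlap
    match the allow rule and never reach the block rule.
    """
    return [(b, a) for b in blocked for a in allowed
            if b.version == a.version and b.overlaps(a)]

# Constructed sample input using documentation address ranges.
ALLOW_TEXT = "198.51.100.0/24\n2001:db8:a::/48\n203.0.113.7\n0.0.0.0/0\n"
BLOCK_TEXT = "198.51.100.128/25\n192.0.2.0/24\n10.0.0.5/24\n"

if __name__ == "__main__":
    allowed, allow_errors = parse_cidr_lines(ALLOW_TEXT)
    blocked, block_errors = parse_cidr_lines(BLOCK_TEXT)
    for lineno, entry, reason in allow_errors + block_errors:
        print(f"rejected line {lineno}: {entry} ({reason})")
    for b, a in shadowed_blocks(allowed, blocked):
        print(f"block entry {b} is shadowed by allow entry {a}")
```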
Rule Priority 2 - Block Nonlisted Countries
Use this rule to explicitly block specific Countries from accessing RapidIdentity.
ShieldID uses the alpha-2 country codes from the International Organization for Standardization (ISO) 3166 standard. For a list of available country codes supported by ShieldID click here
Click the 3 ellipses ( ⋮ ) next to the rule name and select Edit to begin.
Use the Country Code dropdown to select the country code you do NOT want to block and click Add. All other country codes will be blocked.
To remove a Country from the rule, click the 3 ellipses ( ⋮ ) next to the Country Code and select Delete.
Click Save when done.
This rule is being enhanced to provide even greater flexibility by allowing administrators to specify whether country codes should be included or excluded.
Rule Priority 3 - Rate Limit Login
The Rate Limit Login rule tracks the rate of Login requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.
This rule is used to put a temporary block on Login requests from an IP address that's sending excessive requests.
The Rate Limit Login rule is preconfigured to temporarily block Login requests from a single IP Address that exceed 100 within a 5 minute period of time.
Use the Overview display to highlight the number of Login Requests that are or have been Rate Limited.
Rule Priority 4 - Rate Limit Forgotten
The Rate Limit Forgotten rule tracks the rate of Forgotten Password requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.
This rule is used to put a temporary block on Forgotten Password requests from an IP address that's sending excessive requests.
The Rate Limit Forgotten rule is preconfigured to temporarily block Forgotten Password requests from a single IP Address that exceed 100 within a 5 minute period of time.
Use the Overview display to highlight the number of Forgotten Password Requests that are or have been Rate Limited.
Rule Priority 5 - Rate Limit Claims
The Rate Limit Claims rule tracks the rate of Claim Account requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.
This rule is used to put a temporary block on Account Claim requests from an IP address that's sending excessive requests.
The Rate Limit Claims rule is preconfigured to temporarily block Claim Account requests from a single IP Address that exceed 100 within a 5 minute period of time.
Use the Overview display to highlight the number of Forgotten Password Requests that are or have been Rate Limited.
Rule Priority 6 - Rate Limit API Session
The Rate Limit API Session rule tracks the rate of API requests for each originating IP address, and triggers the rule action on IPs with rates that go over the limit set.
This rule is used to put a temporary block on API requests from an IP address that's sending excessive requests.
The Rate Limit API Session rule is preconfigured to temporarily block API requests from a single IP Address that exceed 100 within a 5 minute period of time.
Use the Overview display to highlight the number of API Requests that are or have been Rate Limited.
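The first-match evaluation described at the top of this page has a practical consequence for the rate limit rules: a request that matches the allow rule at priority 0 is never counted against a limit. The following is an added example, not ShieldID code, that models priorities 0 through 3 with the preconfigured limit of 100 requests in 5 minutes. The class name, the `/login` path, the sliding-window counting, and the default allow when no rule matches are assumptions of this example.

```python
import ipaddress
from collections import defaultdict, deque

LIMIT, WINDOW = 100, 300   # page: more than 100 requests within 5 minutes

class ShieldModel:
    """Toy model of priorities 0-3; evaluation stops at the first matching rule."""

    def __init__(self, allowed, blocked, countries):
        self.allowed = [ipaddress.ip_network(n) for n in allowed]
        self.blocked = [ipaddress.ip_network(n) for n in blocked]
        self.countries = set(countries)    # country codes NOT blocked by priority 2
        self.logins = defaultdict(deque)   # ip -> timestamps of recent login requests

    def _over_limit(self, ip, now):
        q = self.logins[ip]
        q.append(now)
        while q and q[0] <= now - WINDOW:  # drop requests older than the window
            q.popleft()
        return len(q) > LIMIT

    def evaluate(self, ip, country, path, now):
        addr = ipaddress.ip_address(ip)
        if any(addr in n for n in self.allowed):
            return "allow (priority 0)"
        if any(addr in n for n in self.blocked):
            return "block (priority 1)"
        if country not in self.countries:
            return "block (priority 2)"
        if path == "/login" and self._over_limit(ip, now):
            return "block (priority 3)"
        return "allow (no rule matched)"   # assumed default for this model

def burst(model, ip, country, count):
    """Send `count` login requests one second apart; return the decisions."""
    return [model.evaluate(ip, country, "/login", t) for t in range(count)]

if __name__ == "__main__":
    # Constructed sample configuration using documentation address ranges.
    model = ShieldModel(["198.51.100.0/24"], ["192.0.2.0/24"], {"US"})
    unlisted = burst(model, "203.0.113.9", "US", 150)
    listed = burst(model, "198.51.100.20", "US", 150)
    print("unlisted IP blocked:", sum(d.startswith("block") for d in unlisted))
    print("allow-listed IP blocked:", sum(d.startswith("block") for d in listed))
```

In this model the allow-listed address is admitted for all 150 requests while the unlisted address is blocked from request 101 onward, which is a reason to keep the Allowed IP Addresses rule as narrow as possible.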
AWS Managed Rules
These rules are pre-configured for all ShieldID customers.
- AWS-AWSManagedRulesAmazonIpReputationList
  Inspects and blocks traffic from IP addresses that have been identified as bots.
- AWS-AWSManagedRulesCommonRuleSet
  Inspects and blocks traffic from IP addresses based on common best practices.
- AWS-AWSManagedRulesAnonymousIpList
  Inspects and blocks traffic from IP addresses of sources known to anonymize client information, like TOR nodes, temporary proxies, and other masking services.