Page tree

The system has configurable inclusion/exclusion policies that evaluate each hit, using the following properties as criteria (in order):

  • Client IP address
  • Server IP address
  • Site (host) name
  • Advanced properties

Within a given policy, the system screens a hit through one or more prioritized rules, which determine whether the hit is ignored (and therefore excluded) or kept and subjected to further screening. The final rule in each policy is a "catch-all" for hits not matched by any previous rule. You can set the catch-all rule to keep (capture) these remaining hits in the system or to exclude (ignore) them outright.

Traffic inclusion/exclusion logic

The system supports both IPv4 and IPv6 IP addresses.

IP addresses supported for traffic inclusion/exclusion

IP version


IPv4, 172.21.2.*, 172.21.*.*

(full form)


(short form)



Wildcards can be used only with IPv4 notation. Read more in IP addresses section.

Advanced inclusion/exclusion policies enable you to create flexible selection criteria based on traffic properties, such as latency metrics, query parameters, and MIME type. Use the system's Expression Builder to create complex rules.

Related topics

Filtering traffic by using inclusion and exclusion policies

Excluding traffic from inside of your organization

Configuring traffic filtering rules on a Cloud Probe