How traffic inclusion and exclusion policies work

The system has configurable inclusion/exclusion policies that evaluate each hit, using the following properties as criteria (in order):

  • Client IP address
  • Server IP address
  • Site (host) name
  • Advanced properties

Within a given policy, the system screens a hit through one or more prioritized rules, which determine whether the hit is ignored (and therefore excluded) or kept and subjected to further screening. The final rule in each policy is a "catch-all" for hits not matched by any previous rule. You can set the catch-all rule to keep (capture) these remaining hits in the system or to exclude (ignore) them outright.

Traffic inclusion/exclusion logic

trafficInclExcl_logic.png

The system supports both IPv4 and IPv6 IP addresses.

IP addresses supported for traffic inclusion/exclusion

IP version

Examples

IPv4

172.21.2.8, 172.21.2.*, 172.21.*.*

IPv6
(full form)

FE80:0000:0000:0000:0000:0000:AC15:208

IPv6
(short form)

FE80::AC15:208

Important

Wildcards can be used only with IPv4 notation. Read more in IP addresses section.

Advanced inclusion/exclusion policies enable you to create flexible selection criteria based on traffic properties, such as latency metrics, query parameters, and MIME type. Use the system's Expression Builder to create complex rules.

Related topics

Filtering-traffic-by-using-inclusion-and-exclusion-policies

Excluding-traffic-from-inside-of-your-organization

Configuring-traffic-filtering-rules-on-a-Cloud-Probe