<is this the right policy?
<
<
<In general, can i provide access to people i want?
CFrom a technical stand point yes, it will only allow access with prompt justifcation and tempoary auth. However, individual support people might not have access to the
support@How can i provide acces to people i want?
CYou adjust the access policy to include the people you want
<When i create that policy i don't have access to my own forum
<
C? That’s expected. You have an allow rule with those requirements. If you sign in with your email then you should have access. If you don’t want to see the screen then you need to make it a bypass rule
<Service Auth or Bypass policies cannot include identity-based conditions
<the last one is email
<by the way i re-create my whole application
<when i remove email i see this
<
CI’m confused what you are looking for? If you want identity based login then you need to have that sign in screen.
<i want to have normal access to my forum, also want to provide acces to people i want
<for example people out of bulgaria, Becouse i create rule that block other countries becouse of spamming bots
CYou shouldn’t be using access then. Firewall rules will allow you to allow/block countries
<is that waf rules?
CCorrect
<but only 5 rules i can create
CYou can have all your matching be one rule.
<hm how?
there is one action option
there is one action option
<for example, i can't add known bot here cuz thir rule will block bots
CUsing the AND and OR statements
<i see but gues can't make so that add rule to have access to someone
<if i put other rules here it block actions
CYou can make one rule to block and one rule to skip. Then use OR to chain them together
<How can i make in one rule these two rules?
i mean "facebook bot"and "Good bots"
these two are with action SKIP
i mean "facebook bot"and "Good bots"
these two are with action SKIP
<oh wait think to do how
<Do i need to provide choose person acces with email?
CNot if you are using WAF. It is not identity aware
