Skip to content

Firewall Rules - AI Content Filtering and Security

Firewall rules filter and moderate content before it reaches AI providers.

  1. Go to Console → Firewall
  2. Click Create Rule
  3. Define conditions and actions
  4. Save and activate

Block or mask requests containing sensitive content:

IF input contains pattern (substring or regex)
THEN block request OR mask content OR warn

Supported Scopes:

  • prompt - Filter user input before sending to AI (currently implemented)
  • response - Filter AI output before returning (planned feature)

Supported Pattern Types:

  • substring - Case-insensitive text matching (fast, simple)
  • regex - Regular expression matching (powerful, flexible)

Available Actions:

  • block - Reject request with 403 error
  • mask - Replace matched pattern with replacement text (default: [redacted])
  • warn - Add warning to response metadata but continue processing

Important: All matching firewall rules are applied (unlike routing rules where only the first match applies)

Rules are evaluated in order:

  1. Highest priority first (descending order)
  2. For rules with the same priority, older rules (lower ID) are evaluated first
  3. All matching rules in a scope execute - multiple rules can trigger for the same request
  4. If a block action triggers, processing stops immediately with a 403 error
  5. mask and warn actions accumulate - all matching rules apply their transformations/warnings

Create custom regex-based rules:

Name: Block Internal IPs
Pattern: \b(?:10|172\.16|192\.168)\.\d{1,3}\.\d{1,3}\.\d{1,3}\b
Action: Block
Message: Internal IP addresses not allowed
  • Start with warnings, then enforce blocks
  • Test rules thoroughly
  • Monitor firewall logs
  • Use built-in filters when possible
  • Create specific error messages for users
Name: Block Credit Cards
Scope: prompt
Type: regex
Pattern: /\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}/
Action: Block
Priority: 100
Name: Mask Emails
Scope: prompt
Type: regex
Pattern: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/
Action: Mask
Replacement: [EMAIL]
Priority: 90
Name: Sensitive Content Warning
Scope: prompt
Type: substring
Pattern: confidential
Action: Warn
Priority: 50