Firewall Rules - AI Content Filtering and Security
Overview
Section titled “Overview”Firewall rules filter and moderate content before it reaches AI providers.
Creating Firewall Rules
Section titled “Creating Firewall Rules”- Go to Console → Firewall
- Click Create Rule
- Define conditions and actions
- Save and activate
Rule Types
Section titled “Rule Types”Content Filtering
Section titled “Content Filtering”Block or mask requests containing sensitive content:
IF input contains pattern (substring or regex)THEN block request OR mask content OR warnSupported Scopes:
prompt- Filter user input before sending to AI (currently implemented)response- Filter AI output before returning (planned feature)
Supported Pattern Types:
substring- Case-insensitive text matching (fast, simple)regex- Regular expression matching (powerful, flexible)
Available Actions:
block- Reject request with 403 errormask- Replace matched pattern with replacement text (default:[redacted])warn- Add warning to response metadata but continue processing
Rule Evaluation
Section titled “Rule Evaluation”Important: All matching firewall rules are applied (unlike routing rules where only the first match applies)
Rules are evaluated in order:
- Highest priority first (descending order)
- For rules with the same priority, older rules (lower ID) are evaluated first
- All matching rules in a scope execute - multiple rules can trigger for the same request
- If a
blockaction triggers, processing stops immediately with a 403 error maskandwarnactions accumulate - all matching rules apply their transformations/warnings
Custom Rules
Section titled “Custom Rules”Create custom regex-based rules:
Name: Block Internal IPsPattern: \b(?:10|172\.16|192\.168)\.\d{1,3}\.\d{1,3}\.\d{1,3}\bAction: BlockMessage: Internal IP addresses not allowedBest Practices
Section titled “Best Practices”- Start with warnings, then enforce blocks
- Test rules thoroughly
- Monitor firewall logs
- Use built-in filters when possible
- Create specific error messages for users
Examples
Section titled “Examples”Block Credit Card Numbers
Section titled “Block Credit Card Numbers”Name: Block Credit CardsScope: promptType: regexPattern: /\d{4}[\s-]?\d{4}[\s-]?\d{4}[\s-]?\d{4}/Action: BlockPriority: 100Mask Email Addresses
Section titled “Mask Email Addresses”Name: Mask EmailsScope: promptType: regexPattern: /[a-zA-Z0-9._%+-]+@[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}/Action: MaskReplacement: [EMAIL]Priority: 90Warn on Sensitive Keywords
Section titled “Warn on Sensitive Keywords”Name: Sensitive Content WarningScope: promptType: substringPattern: confidentialAction: WarnPriority: 50