1 of 20
2 of 20
3 of 20
4 of 20
5 of 20
6 of 20
7 of 20
8 of 20
9 of 20
10 of 20
11 of 20
12 of 20
13 of 20
14 of 20
15 of 20
16 of 20
17 of 20
18 of 20
19 of 20
20 of 20

doc

How to debug rules created with Rules Engine

Overview

Debug Rules allows you to check whether rules or rule sets created using the Rules Engine module for Edge Application and Edge Firewall has been successfully executed in your application.

See Rules Engine for Edge Application and Rules Engine for Edge Firewall for more information on rules.

You can debug rules using the GraphQL API, Azion Data Streaming, and Azion Real-Time Events.

  1. Enabling Debug Rules
  2. Debugging rules using the GraphQL API
    2.1. Creating Personal Tokens
    2.2. Querying for rules data with Postman
  3. Debugging rules using Data Streaming
  4. Debugging rules using Real-Time Events

1. Enabling Debug Rules

To debug your rules or rule sets, you must first activate the Debug Rules feature on Azion Real-Time Manager (RTM).

Note: this functionality is in early access. Contact our Sales team to enable it on your account.

To enable Debug Rules for Edge Application:

  1. Access RTM.
  2. Go to Products menu > Edge Application.
  3. Select an existing edge application to activate debug.
  4. On the Main Settings tab, enable the Debug Rules option.
  5. Click the Save button.

To enable Debug Rules for Edge Firewall:

  1. Access RTM.
  2. Go to Products menu > Edge Firewall.
  3. Select the rule set you want to configure.
  4. On the Main Settings tab, enable the Debug Rules option.
  5. Click the Save button.

Warning: debugging is only functional for active rule sets. Make sure to activate any rule set you wish to include in the debugging process.

2. Debugging rules with the GraphQL API

See the GraphQL API documentation for more information.

To query the available rules data in the GraphQL API, you’ll need to go through two steps: creating a personal token and running your request on Postman. To do so, follow the instructions in the sections below.

2.1. Creating Personal Tokens

Before running your requests with the GraphQL API, you first need to create a Personal token to validate your access.

To create a personal token:

  1. Access RTM.
  2. Select Account menu > Personal Tokens.
  3. Click the Add Personal Token button and fill in the fields.
  4. Save your personal token in a safe location to use it in the next section.

See the Personal Tokens documentation page for more information on how to create one.

As an alternative, you can create a short-duration personal token through the Azion API.

2.2. Querying for rules data with Postman

After creating your personal token, you must go to Postman and follow the next steps:

  1. On the Postman upper header, click the + button to create a new request.
  2. On the Headers tab, click on Bulk Edit.
  3. Add the following code, along with the personal token value, without the square brackets:
Authorization:Token [TOKEN VALUE]

After creating the Headers with your token, remain on Postman to create the request’s body:

  1. On the upper-left corner, click the GET option to open a dropdown menu.
  2. Select the POST option.
  3. On the options row, select the Body tab > GraphQL.
  4. On the QUERY box, add the following HTTP Query:
query HttpQuery {
  httpEvents(
    limit: 10,
    filter: {
      tsRange: {begin:"2023-02-14T10:10:10", end:"2023-02-15T10:10:10"}
    }
    orderBy: [ts_ASC]
  ) 
  {
    ts
    remoteAddress
    requestUri
    stacktrace
  }
}

The example above shows a query for rule data using the HTTP Events dataset. The limit field filters the last 10 entries within the tsRange field. The presented data is ordered through the ts (timestamp) field.

The query above should return:

  • ts: the time range for when each request was initiated.
  • remoteAddress: the IP of the client that made the request to the application.
  • requestUri: the type of HTTP request and URI.
  • stacktrace: executed rules and rule sets.

Now that you’ve queried your request, you can send it to the GraphQL API and receive a response with the data by following the steps:

  1. On the Enter request URL field, add the GraphQL API URL being consulted: https://api.azionapi.net/metrics/graphql
  2. Click the Send button on the upper-right corner.

You’ll receive a response with the requested data, as in the following example:

{
  "data": {
    "httpEvents": [
      {
        "ts": "2023-02-15T17:52:16Z",
        "remoteAddress": "00.00.000.00",
        "requestUri": "/get",
        "stacktrace": "{\\\"edge_application_response\\\":[\\\"Add Azion Cookie\\\"],\\\"edge_firewall\\\":[\\\"Set WAF\\\",\\\"Rate-Limit Root\\\"],\\\"edge_application_request\\\":[\\\"Default Rule\\\",\\\"Test Send Cert to Origin 1\\\",\\\"Test Send Cert to Origin 2\\\"]}"
      }
    ]
  }
}

In this example, the GraphQL API has returned all active request and response phase rules created for Edge Application, as well as an active Edge Firewall rule set.

For more information on the GraphQL API, visit the datasets documentation page.

3. Debugging rules using Data Streaming

See the Data Streaming documentation for more information on how to set it up.

To debug rules via Data Streaming, follow these steps:

  1. Access RTM.
  2. Select Products menu > Data Streaming.
  3. Click Add Streaming.
  4. Choose a name for your data streaming.
  5. On the Data Source dropdown menu, select Edge Applications.
  6. On the Template dropdown menu, select Custom Template.

  7. On the Data Set code box, add the following variables:

     {
     "time": "$time",
     "traceback": "$traceback"
 }
  8. On Options, select between Filter Domains or All Domains. See more about each option on How to associate domains on Data Streaming.

  9. On the Destination section, select an Endpoint Type on the dropdown menu.

    You’ll see different fields depending on the endpoint type you choose. Find more information on each of them on the Setting an endpoint page.

  10. Make sure the Active switch is turned on.
  11. Click the Save button.

To make sure your logs are being sent to your endpoint through the configured data streaming, you can use Real-Time Events to query detailed analysis.

To see all your created data streamings, go to the Data Streaming page on RTM and select one from the list. Feel free to create multiple ones.

Variables definition

Variable Definition
$time Request date and time. Example: Oct. 31st, 2022 - 19:30:41
$traceback Provides the names of the rules created using Rules Engine for Edge Application and Edge Firewall that are ran by the request.

4. Debugging rules using Real-Time Events

See the Real-Time Events documentation for more information on how to configure a data streaming endpoint.

To access Real-Time Events, follow these steps:

  1. Access RTM.
  2. On the upper-left corner, select Products menu > Real-Time Events.
  3. On Data Source, select Edge Applications.
  4. Modify the desired time range and add filters if needed.
  5. Click the Search button.
  6. Select the log body you want to inspect.
  7. Look for the traceback field.

The traceback field should contain the type of rule executed and the behavior triggered within the selected time range. For instance:

{\"edge_application_response\":[\"Add Azion Cookie\"],\"edge_firewall\":[\"Set WAF\",\"Rate-Limit Root\"],\"edge_application_request\":[\"Default Rule\",\"Test Send Cert to Origin 1\",\"Test Send Cert to Origin 2\"]}

In this example, the traceback field contains all active request and response phase rules created for Edge Application, as well as an active Edge Firewall rule set.

Didn’t find what you were looking for? Open a support ticket.