SRA Overview | 71

If a rule chain has already been generated from a URL profile in the past, then the rule chain will be overwritten only if the Overwrite existing Rule Chains for URL Profiles check box is selected. When you click the Generate Rules button, the rules are generated from the URL profiles. If a URL profile has been modified, those changes are incorporated.

How Does Rate Limiting for Custom Rules Work?

The administrator can configure rate limiting when adding or editing a rule chain from the Web Application Firewall > Rules page. When rate limiting is enabled for a rule chain, the action for the rule chain is triggered only when the number of matches within a configured time period is above the configured threshold.

This type of protection is useful in preventing Brute Force and Dictionary attacks. An example rule chain with a Rule Chain ID of 15002 is available in the management interface for administrators to use as reference.

The associated fields are exposed when the Enable Hit Counters check box is selected at the bottom of the New Rule Chain or Edit Rule Chain screen.

Once a rule chain is matched, Web Application Firewall keeps an internal counter to track how many times the rule chain is matched. The Max Allowed Hits field contains the number of matches that must occur before the rule chain action is triggered. If the rule chain is not matched for the number of seconds configured in the Reset Hit Counter Period field, then the counter is reset to zero.

Rate limiting can be enforced per remote IP address or per user session or both. The Track Per Remote Address check box enables rate limiting based on the attacker’s remote IP address.

The Track Per Session check box enables rate limiting based on the attacker’s browser session. This method sets a cookie for each browser session.
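
The hit counter fields described above, modeled as an added Python example (this is not the appliance's implementation or vendor code). It assumes the action fires on every match once the count exceeds Max Allowed Hits; the class, function names and sample events are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class HitCounterRule:
    """Toy model of a rule chain with Enable Hit Counters selected."""
    max_allowed_hits: int                  # "Max Allowed Hits"
    reset_period: float                    # "Reset Hit Counter Period", in seconds
    track_per_remote_address: bool = True  # "Track Per Remote Address"
    track_per_session: bool = False        # "Track Per Session" (cookie-based)
    _state: dict = field(default_factory=dict)  # key -> (hits, last match time)

    def _keys(self, remote_addr, session_id):
        if self.track_per_remote_address:
            yield ("addr", remote_addr)
        if self.track_per_session:
            yield ("session", session_id)

    def on_match(self, now, remote_addr, session_id):
        """Record one rule chain match; return True if the action fires."""
        fired = False
        for key in self._keys(remote_addr, session_id):
            hits, last = self._state.get(key, (0, now))
            if now - last >= self.reset_period:  # no match for the whole period
                hits = 0                         # counter is reset to zero
            hits += 1
            self._state[key] = (hits, now)
            # Assumption: the action fires while hits exceed Max Allowed Hits.
            fired = fired or hits > self.max_allowed_hits
        return fired


def replay(rule, events):
    """Feed (time, remote_addr, session_id) matches; return times the action fired."""
    return [t for t, addr, sid in events if rule.on_match(t, addr, sid)]


# Constructed sample: six failed logins in six seconds, new session cookie each time.
BURST = [(t, "203.0.113.7", f"sess-{t}") for t in range(6)]
# Constructed sample: a user mistyping a password once every two minutes.
SPACED = [(t * 120, "203.0.113.7", "sess-a") for t in range(6)]

if __name__ == "__main__":
    by_addr = HitCounterRule(max_allowed_hits=3, reset_period=60)
    by_sess = HitCounterRule(3, 60, track_per_remote_address=False, track_per_session=True)
    print("per address, burst :", replay(by_addr, BURST))
    print("per session, burst :", replay(by_sess, BURST))
    print("per address, spaced:", replay(HitCounterRule(3, 60), SPACED))
```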
Tracking by user session is not as effective as tracking by remote IP if the attacker initiates a new user session for each attack.

The Track Per Remote Address option uses the remote address as seen by the SRA appliance. In the case where the attack uses multiple clients from behind a firewall that is configured with NAT, the different clients effectively send packets with the same source IP address and will be counted together.

Navigating the SRA Management Interface

The following sections describe how to navigate the SRA management interface:

• “Management Interface Introduction” section on page 72
• “Navigating the Management Interface” section on page 73
• “Navigation Bar” section on page 77