icon-unified.svg
Experience Center

About AppProtection Policy

AppProtection policy rules allow you to set up AppProtection controls for web applications. For a complete list of ranges and limitations for AppProtection Policy rules, see Ranges & Limitations.

AppProtection policies work similarly to access policies. You can reuse an existing access policy's criteria to create an AppProtection policy. This allows you to match up your AppProtection policies to your access policies. To learn more, see About Access Policy.

AppProtection policy rules enhance your experience by enabling you to:

  • Create a policy to inspect traffic to internal web applications based on specific criteria (e.g., application segments, Client Connector posture profiles, and SAML and SCIM attributes).
  • Apply a previously created AppProtection profile to a policy with the default actions (Allow, Block, or Redirect) set for each related AppProtection control.

AppProtection policy rules are comprised of two main building blocks:

  • Criteria: These are the conditions of a policy rule. A user's application request must match all the conditions within a policy rule.
  • Boolean Operators: These are the operands used between criteria. AppProtection policy rules use AND and OR operators.

About the AppProtection Policy Page

On the AppProtection Policy page (Policies > Cybersecurity > Inline Security > Protection Policies), you can do the following:

  1. Go to the Browser Protection Policy page to add a new Browser Protection policy or manage existing policies.
  2. Add a dynamic rule to an AppProtection profile.
  3. Expand all of the displayed rows in the table to see more information about each policy rule.
  4. Show all the rules in the table. The rows remain collapsed. Depending on the number of rules, this can take a few minutes.

By default, the UI displays the first 100 rules. Alternatively, you can scroll to see more rules.

  1. Add a new AppProtection policy rule.
  2. Filter the information that appears in the table. By default, no filters are applied.
  3. View a list of all AppProtection policy rules that were configured. For each rule, you can see:
    • Rule Order: The policy evaluation order number for the rule. Policy rules are applied based on the order they are listed here. Change the rule order by clicking on the number and manually entering in a new value.
    • Name: The name of the rule. The description is also displayed here, if available.
    • Rule Action: Indicates if the rule is Allow Access or Block Access. When the row is expanded, it provides a visual representation of the Criteria (e.g., SAML attributes, application segments, posture profiles, etc.) and Boolean logic used within the rule.
  4. Copy an existing AppProtection policy rule's criteria, and use it to create a new rule.
  5. Edit an existing AppProtection policy rule.
  6. Delete an AppProtection policy rule.
Viewing and managing AppProtection policies on the AppProtection page
Related Articles
About Browser Protection PolicyConfiguring Browser Protection PoliciesEditing Browser Protection PoliciesAbout Security PolicyAbout AppProtection PolicyConfiguring AppProtection PoliciesEditing AppProtection Policies