Creating the conditions

As mentioned earlier, conditions are configurable characteristics that you want WAF to monitor in each of your incoming web requests:

  1. To get started with a condition, select the Create condition option from the IP match conditions tile.
  2. Here, provide a suitable Name for your match condition and select the IPv4 option under IP Version. Provide your desktop's or laptop's public IP in the Address field. You can alternatively provide a range of IP addresses here using any of the supported CIDR blocks.
  3. Remember to select the Add IP address or range option before creating the match condition.
  4. With the IP match condition created, let's move on to creating the second condition for our ACL. For this, select the Create condition option from the String and regex match conditions section.
  5. Once again, we start by providing a suitable Name for our string match condition, followed by selecting the Type of string to match with. Here, select the String match option to begin with.
  6. Next, in the Part of the request to filter on section, select the part of the request that you wish to filter using the match condition. In my case, I have selected the URI option as we need to match the resource wp-login.php from the URI. Alternatively, you can also opt to select the following values based on your requirements:
    • Header: Used to match a specific request header, such as user-agent.
    • HTTPMethod: Used to indicate the type of operation the request intends to perform on the origin, such as PUT, GET, DELETE, and so on.
    • QueryString: Used to match a query string in a URL.
    • Body: Used to match the body of the request. In this case, WAF only inspects the first 8,192 bytes (8 KB) contained within the request's body. You can alternatively set up a Size Constraint condition that blocks all requests that are greater than 8 KB in size.
  7. Next, in the Match type drop-down list, select the option Contains, as shown in the following screenshot. The Contains option means that the string to match can appear anywhere in the request. Alternatively, you can also opt to select from these options, based on your requirement:
    • ContainsWord: Used to specify a specific Value to match in the request
    • Exactly matches: Used to match the string and the request value exactly
    • Starts with: Used to check for a matching string at the beginning of a request
    • Ends with: Used to check for a matching string at the end of the request
  8. The Transformation field is handy when you need to reformat the web request before WAF inspects it. This can involve Converting to lowercase, HTML decoding, Whitespace normalization, URL Decode, and so on. For this particular use case, we don't have any particular transformation to perform on the request, and hence I've selected the None option.
  9. Finally, in the Value to match field, enter the text (wp-login) that we want WAF to search for in the web requests. Once completed, remember to click on the Add filter option before you proceed with the Create command.
  10. With this step completed, our basic conditions are in place. Alternatively, you can set up other relevant conditions based on your criteria and requirements. Once done, select the Next option to proceed with the wizard.
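
The two conditions from the steps above can also be written as the `Updates` entries that the WAF Classic API calls `update_ip_set` and `update_byte_match_set` accept. The following is an added example, not code from the book: the addresses are documentation-range placeholders, `would_match` is a hypothetical local model rather than the WAF engine (it omits ContainsWord), and the IPv4 limit of /8 or /16 through /32 is the WAF Classic CIDR rule. It shows that string matching is case-sensitive, so the choice of transformation decides whether a differently cased URI is still caught.

```python
import ipaddress
from urllib.parse import unquote

# Subset of the console's transformations, modelled locally for illustration.
TRANSFORMS = {"NONE": lambda s: s, "LOWERCASE": str.lower, "URL_DECODE": unquote}

def ip_set_update(cidr):
    """Build one Updates entry for update_ip_set from an IPv4 address or range."""
    # strict=True refuses ranges with host bits set (this example's choice),
    # so a typo cannot silently widen the range.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or not (net.prefixlen == 8 or 16 <= net.prefixlen <= 32):
        raise ValueError("WAF Classic accepts IPv4 /8 or /16 through /32")
    return {"Action": "INSERT",
            "IPSetDescriptor": {"Type": "IPV4", "Value": str(net)}}

def byte_match_update(value, field="URI", constraint="CONTAINS", transform="NONE"):
    """Build one Updates entry for update_byte_match_set."""
    return {"Action": "INSERT",
            "ByteMatchTuple": {"FieldToMatch": {"Type": field},
                               "TargetString": value.encode(),
                               "TextTransformation": transform,
                               "PositionalConstraint": constraint}}

def would_match(update, field_value):
    """Approximate how the filter evaluates one request field."""
    t = update["ByteMatchTuple"]
    data = TRANSFORMS[t["TextTransformation"]](field_value)  # transform first
    target = t["TargetString"].decode()
    return {"CONTAINS": target in data,
            "EXACTLY": data == target,
            "STARTS_WITH": data.startswith(target),
            "ENDS_WITH": data.endswith(target)}[t["PositionalConstraint"]]

if __name__ == "__main__":
    print(ip_set_update("203.0.113.10"))        # single address becomes /32
    as_in_book = byte_match_update("wp-login")  # URI, Contains, None
    normalised = byte_match_update("wp-login", transform="LOWERCASE")
    for uri in ("/wp-login.php", "/WP-Login.php"):  # constructed sample URIs
        print(uri, would_match(as_in_book, uri), would_match(normalised, uri))
```

In a real deployment each entry goes into the `Updates` list of the corresponding call together with the set ID and a change token.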