A Proxy Action is a special type of Rule. It allows a web session to be directly dropped or redirected.
The direct intervention on the web session is usually employed for events that are deemed highest risk, for earliest and agile prevention.
But it is reccomended to run any changes in Challenger first to measure volumes, due to the high impact.
They will most likely always be nested inside of an IF condition to restrict which events they will trigger on (rather than all)
Enabling Proxy Action Rules
Proxy Action Rules must be enabled for a Ruleset.
To enable Proxy Action Rules, open or create a Rules file. In the Rules Editor, change the Ruleset to 'Proxy Action'.
There will now be an Option for adding Proxy Terminate Rules.

Proxy Action Rules
A Proxy Action inherits properties of a normal Rule. See Rules for a list of these.

The unique option is the Proxy Terminate itself, that will trigger if the Rule is processed:
- Accept
- Return with HTTP Status Code
- HTTP Redirect
- Silent Drop
Accept
No Action taken
Return with HTTP Status Code
Return a particular HTTP response status code. All codes over 400 are error codes and will result in the session being directly stopped.
The codes are standard to the web; fuller descriptions can be found here: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status
The choice of code to respond with is purely a design decision.
Example Use Case: After too many Failed Login attempts in a short time, further attempts return HTTP Status Code 429 - Too Many Requests
Silent Drop
A silent drop is like returning a HTTP Status code, but:
- No code is returned
- The fact that the connection has dropped is not immediately notified. Typically the client will instead time out.
For some use cases, it is better to not indicate why a connection or session was dropped.
This allows the decision logic that is being used to not be transparent and to cause frustration to malicious actors.
Example Use Case: A device commonly seen with Account Takeovers manages to log into an account. When the device tries to access the New Beneficiary page a Silent Drop is triggered to prevent a likely exit of funds at an early opportunity. The Silent Drop is likely to come across as a website performance issue rather than the fraudster being informed their device is being traced and use to identify the risk.
HTTP Redirect
Return HTTP response codes 301, 302, 307 or 308. These are special codes that allow redirecting traffic to a different URL.
- 301 - Moved Permanently
- 302 - Found/ Moved Temporarily
- 307 - Temporary Redirect
- 308 - Permanent Redirect
The Rule allows the specifying the URL that will be redirected to.
Example Use Case: It is detected that the user is attempting to access the US site from the UK. The user is redirected to the UK site instead to follow business policy.