Applies To:
HTTP Large
HTTP Small
ADN
WAF
A WAF profile is a critical component of a WAF configuration. It defines criteria for determining whether traffic is unwanted or malicious. There are three main components to a profile, which are:
| Component | Description |
|---|---|
| Threat Detection Categories | A set of OWASP Core Rule Sets define the methods through which WAF will detect application layer attacks. |
| Access Controls | Traffic may be whitelisted and/or blacklisted by IP address, country, request URL, or by referrer. |
| Global Settings | These settings define a basic delivery profile that all valid requests must meet. |
To create a profile
- Navigate to the Profile Manager page.
- Click + Add Profile.
- In the Name option, define the name by which this profile will be identified.
- By default, the Templates option is set to "*EdgeCast Profile Basic Template." This template provides appropriate default settings for a new profile.
- Click Choose Policies to expand it.
- Verify that the enabled threat detection categories will not interfere with legitimate site traffic.
- Consider disabling the "Tight security" threat detection category since it is prone to generating false positives.
- Click the Global Settings section to expand it.
- Review the delivery profile defined under the Global Settings section.
- Check whether additional restrictions may be applied to the delivery profile.
- Verify that the delivery profile will not mistakenly identify legitimate traffic.
- Click Save to create the new profile.
More Information
Getting Started with Web Application Firewall
- Step 1: Creating a Profile
- Step 2: Creating an Instance
- Step 3: Activating an Instance
- Step 4: Monitoring Threats