This article explains the legacy version of
An instance must be activated via Rules Engine before Web Application Firewall may assess production traffic for potential threats and ensure that traffic conforms to a specific delivery profile. This activation process is a safety measure designed to ensure the following:
WAF is only applied to requests that match the criteria defined in rules containing a Web Application Firewall feature.
Instance activation via Rules Engine provides the following benefits:
Activate an instance by performing the following steps:
Set the Web Application Firewall feature to the
Consider the following items when activating an instance:
Activate the Web Application Firewall feature for each type of request that should be secured via WAF.
Determine a rule's scope (e.g., all requests or by customer origin) by balancing the need to secure as much traffic as possible with the level of restrictive measures imposed by the WAF security profile.
The recommended approach for instance activation is to apply the most restrictive policy to as much traffic as possible while causing minimal impact to data delivery.
Only a single Web Application Firewall feature should be activated per request type (e.g., all requests or origin-specific requests).
Setting up Rules Engine to activate multiple WAF instances for a single type of request will only activate one of those instances.
The activation/deactivation of a Web Application Firewall instance is dependent on Rules Engine. Rule changes, such as adding, modifying, or deleting a rule, may take up to an hour to propagate. Additionally, all rule changes must undergo an internal review process.
Do not delete either of the following configurations:
View best practices for applying a new WAF instance or profile.