Configuration

This article explains the legacy version of WAF that will undergo end-of-life on June 30, 2021. Our new version of WAF expands upon all of the capabilities offered by WAF and Rate Limiting with a simplified and centralized setup. Please upgrade to the latest version of WAF at your earliest convenience.

The configuration of Web Application Firewall consists of three sequential steps. Once all three steps have been performed, near-real-time threat monitoring may be performed through the dashboard. A brief overview for each WAF setup step is illustrated below.

Additional information on each WAF configuration step is provided below.

Step Name Description

1

Create Profile

Define a security policy for inbound HTTP/HTTPS traffic that defines the:

2

Create Instance

Select the profiles that may be applied to site traffic and the manner in which detected threats may be handled.

An instance defines:

  • A profile that may be applied to production traffic.
  • How potential threats are handled.
  • A profile that may be used to audit production traffic.

3

Activate Instance

Define both of the following items through Rules Engine:

  • The type of requests that should be secured by Web Application Firewall.
  • The instance that identifies the profile(s) that may be used to secure/audit site traffic.

Different types of requests may require varying levels of protection. Create a profile and an instance for each type of request that requires a unique level of protection.

More Information