This article explains the legacy version of
Learn how to:
Key information:
Production traffic will not be screened by WAF unless both of the following conditions are true:
The above instance has been activated via Rules Engine.
Multiple instances may be activated via Rules Engine. Leverage this capability to tailor WAF screening by traffic profile.
This section provides step-by-step instructions on how to create a profile.
Templates are an easy way to apply a default configuration to a new profile.
Creating a profile will automatically add it to the Template option.
To create a profile
Click the Policies tab. In the Ruleset option, select the type and date for the rule set that may be used to monitor traffic for threats. The Choose Policies section will be refreshed to reflect the selected rule set.
Automatically verify that your web applications are compatible with our latest threat detection policies by enabling the Automatically opt-in to the latest ECRS ruleset option. It is recommended that you enable this capability on a profile whose instance has been set to Alert Only. This type of setup provides you with the opportunity to minimize false positives before enforcing our latest threat detection policies on your production traffic.
Set the Threshold option to a level (e.g., 15) that balances security with risk tolerance. Requests that score at or above the specified value will be identified as malicious traffic.
If you selected the ECRS rule set in the previous step, then this option only applies to policies other than Custom EC Rules and policies that start with "Adv."
ECRS Only: If you selected ECRS in step 5, then set the Paranoia Level option to a level (e.g., 1) that balances security with risk tolerance.
This is an advanced setting. The recommended paranoia level is 1. Setting this option to a higher value will increase the number of false positives. A false positive is a legitimate request that was identified as malicious traffic by Web Application Firewall.
Learn how to set up a rule exception.
Modifying an existing profile:
Updates the template that was created from that profile.
A common reason for updating a profile is to reduce false positives by adding a rule exception. A rule exception identifies one or more rules that should be ignored for a specific set of requests. Typically, rule exceptions are identified via analysis within the WAF Dashboard.
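The following added example (not part of the product or its documentation) is a simplified model of how the Threshold option and a rule exception interact. The rule IDs, per-rule scores, request names and the `screen` function are all constructed assumptions; the product's actual scoring is not described on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Match:
    rule_id: str   # constructed rule ID, not a real rule set identifier
    score: int     # constructed per-rule score
    source: str    # "argument", "cookie" or "header"
    name: str      # name of the argument, cookie or header that matched

@dataclass(frozen=True)
class RuleException:
    rule_ids: frozenset  # rules to ignore
    source: str          # kind of request element the exception covers
    name: str            # argument, cookie or header name it covers

    def covers(self, m: Match) -> bool:
        if m.rule_id not in self.rule_ids or m.source != self.source:
            return False
        # HTTP header names are case-insensitive; other names compare exactly.
        if self.source == "header":
            return m.name.lower() == self.name.lower()
        return m.name == self.name

def screen(matches, threshold, exceptions=()):
    """Return (score, flagged, ignored_rule_ids) for one request."""
    ignored = [m for m in matches if any(e.covers(m) for e in exceptions)]
    counted = [m for m in matches if m not in ignored]
    score = sum(m.score for m in counted)
    # A score at or above the threshold is identified as malicious.
    return score, score >= threshold, [m.rule_id for m in ignored]

# Constructed sample data: the same two rules match on different arguments.
CMS_POST = [Match("R-1001", 10, "argument", "article_html"),
            Match("R-1002", 5, "argument", "article_html")]
SEARCH_GET = [Match("R-1001", 10, "argument", "q"),
              Match("R-1002", 5, "argument", "q")]
EXCEPTION = RuleException(frozenset({"R-1001"}), "argument", "article_html")

if __name__ == "__main__":
    for label, req in (("cms post", CMS_POST), ("search", SEARCH_GET)):
        print(label, screen(req, 15), screen(req, 15, [EXCEPTION]))
```

The exception removes only the named rule for the named argument, so the legitimate post drops below the threshold while the same rule matches on any other argument still count in full.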
To modify a profile
Optional. Add one or more rule exceptions.
From the Parameter option, select whether requests will be identified by argument (i.e., query string argument or request body parameter), cookie, or request header.
From the Argument | Cookie | Header Name option, type one of the following values:
A profile may be permanently deleted from the system.
Profiles associated with an instance may not be deleted. Please either modify the instance to point to a different profile or delete that instance.
To delete a profile