# Modes of Operation

Prophaze Web Application Firewall can work in two modes:

* Learning Mode
* Active Mode

In Learning Mode, all traffic (except for standard signature-based attacks) is allowed to pass through the server, but all attacks on the host are monitored and stored internally in the WAF. This mode is usually used in the initial stage of a WAF installation. During this time, Prophaze WAF learns the target application profile and the behaviour of the system, and automatically learns which resources access needs to be granted to.

In Active Mode, Prophaze WAF blocks malicious attacks on the server, and the corresponding events are logged in the system and made available as reports. In both Active and Learning Mode, Prophaze WAF works as a **Reverse Proxy**, where all requests and responses are routed to the host server.

