Prophaze WAF Best Practices

Prophaze WAF uses Application profiling to determine the best configuration for your application once you onboard the domain in our dashboard. Hence only minimum intervention is required from the customer. Some configurations the customer can tweak is the following.
1. Active Mode
a. Once the domain is onboarded the WAF goes into application profiling period where it learns the application, and web attacks are not blocked during this period, it is on detection mode only, this period is required by the WAF to learn the application and reduce the false-positives and to better protect against non-signature-based attacks.
WAF Active Mode
WAF Learning Mode
2. Bot protection
a. Bot protection allows the user to turn on advanced bot protection mechanisms, like the js challenge and the captcha challenge, by default it is turned off, the user is advised to turn it on if faced by bot attacks or is suspecting DDOS attacks.
CAPTCHA Challenge
JS Challenge
3. Granular control over proxy settings
a. In the settings page where the user can change configurations like proxy-connect-timeout, proxy read timeout etc,
4. Rate Limiting
a. In Rules page, user is able set rate limiting Maximum requests Per-IP and Total requests.