# Rules Page ## Built-in Rules

**Enable or Disable:** You now have the flexibility to enable or disable individual WAF policies based on your specific security needs. This allows for a more customized approach to web application security. **Focus on Your Priorities:** If you're concerned about a particular type of attack (e.g., SQL injection), you can enable the corresponding WAF policy while potentially disabling others that might focus on less relevant threats. This helps in reducing the false positives, you can find the false positives section in the same page given as Exceptions. ## Custom Rules In addition to the preconfigured OWASP Top 10 and SANS 25 rules within the backend, users have the flexibility to create their own custom rules. The WAF offers approximately 12 parameters—including IP, country, ASN, Useragent, and cookie—on which rules can be constructed for whitelisting, blacklisting, rate-limiting, or implementing temporary or permanent redirects to other links.

\ Users can also combine multiple parameters to formulate a single rule. Simply click on "Add Rule" to incorporate a new parameter. Once configured, finalize by clicking "ADD" at the bottom. Rules become functional immediately upon configuration and take effect in real-time.

--- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.prophaze.com/user-manual/rules-page.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.