Rules Page
Prophaze offers more granular control over your web application security through the WAF Policies page.
Built-in Rules
Enable or Disable: You now have the flexibility to enable or disable individual WAF policies based on your specific security needs. This allows for a more customized approach to web application security.
Focus on Your Priorities: If you're concerned about a particular type of attack (e.g., SQL injection), you can enable the corresponding WAF policy while potentially disabling others that might focus on less relevant threats.
This helps reduce false positives. The false-positives section is on the same page, under Exceptions.
Custom Rules
In addition to the preconfigured OWASP Top 10 and SANS 25 rules within the backend, users have the flexibility to create their own custom rules. The WAF offers approximately 12 parameters—including IP, country, ASN, Useragent, and cookie—on which rules can be constructed for whitelisting, blacklisting, rate-limiting, or implementing temporary or permanent redirects to other links.
Users can also combine multiple parameters to formulate a single rule. Simply click on "Add Rule" to incorporate a new parameter. Once configured, finalize by clicking "ADD" at the bottom. Rules become functional immediately upon configuration and take effect in real time.
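A small model of how a multi-parameter rule narrows what it matches, added here as an illustration; it is not Prophaze's rule engine, API or rule format. Assumptions: all conditions in a rule must match (AND), rules are checked in order with the first match winning, and the field names, addresses, ASN, country code `ZZ` and URL are constructed sample values.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed rules. Assumed semantics (not taken from the product): every
# condition in "when" must match, and the first matching rule decides.
RULES = [
    {"name": "office-allow", "action": "whitelist",
     "when": {"ip": "203.0.113.0/24"}},
    {"name": "scanner-block", "action": "blacklist",
     "when": {"country": "ZZ", "useragent": "badbot"}},
    {"name": "asn-throttle", "action": "rate-limit",
     "when": {"asn": 64500}, "limit": 3, "window": 60},
    {"name": "legacy-cookie", "action": "redirect",
     "when": {"cookie": "legacy=1"}, "to": "https://example.com/new", "status": 302},
]

_hits = defaultdict(deque)  # (rule name, client ip) -> request times inside the window

def _matches(field, want, req):
    have = req.get(field)
    if have is None:
        return False                                # absent field never matches
    if field == "ip":
        return ipaddress.ip_address(have) in ipaddress.ip_network(want)
    if field in ("useragent", "cookie"):
        return str(want).lower() in have.lower()    # case-insensitive substring
    return have == want                             # country, asn: exact match

def evaluate(req, now, rules=RULES):
    """Return the decision for one request dict; 'pass' when no rule applies."""
    for rule in rules:
        if not all(_matches(f, w, req) for f, w in rule["when"].items()):
            continue
        if rule["action"] == "rate-limit":
            q = _hits[(rule["name"], req["ip"])]
            while q and now - q[0] >= rule["window"]:
                q.popleft()                         # forget hits older than the window
            q.append(now)
            if len(q) <= rule["limit"]:
                continue                            # under the limit: keep evaluating
            return "rate-limited"
        if rule["action"] == "redirect":
            return f"redirect {rule['status']} {rule['to']}"
        return rule["action"]
    return "pass"
```

Under these assumptions, a request that satisfies only one of a combined rule's two conditions falls through, which is why a multi-parameter blacklist rule produces fewer false positives than two single-parameter ones.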