Prophaze
Rules Page

Prophaze offers more granular control over your web application security with the WAF Policies page.


Last updated 9 months ago


Built-in Rules

Enable or Disable: You now have the flexibility to enable or disable individual WAF policies based on your specific security needs. This allows for a more customized approach to web application security.

Focus on Your Priorities: If you're concerned about a particular type of attack (e.g., SQL injection), you can enable the corresponding WAF policy while potentially disabling others that might focus on less relevant threats.

This helps reduce false positives. The false positives section is on the same page, listed as Exceptions.

Custom Rules

In addition to the preconfigured OWASP Top 10 and SANS 25 rules within the backend, users have the flexibility to create their own custom rules. The WAF offers approximately 12 parameters—including IP, country, ASN, Useragent, and cookie—on which rules can be constructed for whitelisting, blacklisting, rate-limiting, or implementing temporary or permanent redirects to other links.

Users can also combine multiple parameters to formulate a single rule. Simply click on "Add Rule" to incorporate a new parameter. Once configured, finalize by clicking "ADD" at the bottom. Rules become functional immediately upon configuration and take effect in real time.