Skip to content

WAF

Web Application Firewall(WAF) helps protect web application from common exploits.

Step 1: Create WAF Profile

  1. Go to Manage -> Profiles -> Web Protection
  2. Click on Create Protection Profile.
  3. Select Application Threat
  4. In the Profile Builder table, click on "Add All" link under Core tab.
  5. Give the profile a name. (eg. waf-demo)
  6. For "CRS Ruleset Version" field, select Automatic.
  7. For "Trustwave Ruleset Version" field, select Automatic.
  8. For Paranoia Level, select 3.
  9. Leave remaining fields as default and click Save.

Step 2: Attach WAF Profile to Policy

  1. Click Manage -> Security Policies -> Rules
  2. Click on the ruleset name that's associated with the ingress gateway
  3. Click the table row ingress-http and click Edit
  4. In the editor panel, select the Web Protection Profile waf-demo and click Save to save the rule
  5. Click Save to save the ruleset
  6. The rule shows waf-demo as a profile in the rules table