Web Application Firewall(WAF) helps protect web application from common exploits.
Step 1: Create WAF Profile
- Go to Manage -> Profiles -> Web Protection
- Click on Create Protection Profile.
- Select Application Threat
- In the Profile Builder table, click on "Add All" link under Core tab.
- Give the profile a name. (eg. waf-demo)
- For "CRS Ruleset Version" field, select Automatic.
- For "Trustwave Ruleset Version" field, select Automatic.
- For Paranoia Level, select 3.
- Leave remaining fields as default and click Save.
Step 2: Attach WAF Profile to Policy
- Click Manage -> Security Policies -> Rules
- Click on the ruleset name that's associated with the ingress gateway
- Click the table row ingress-http and click Edit
- In the editor panel, select the Web Protection Profile waf-demo and click Save to save the rule
- Click Save to save the ruleset
- The rule shows waf-demo as a profile in the rules table