What is "Basic WAF"?
"Basic WAF" is a firewall that protects your resource from attacks related to the following vulnerabilities:
- Broken Authentication
- Sensitive Data Exposure
- XML External Entities (XXE)
- Broken Access control
- Security misconfigurations
- Cross Site Scripting (XSS)
- Insecure Deserialization
- Using Components with known vulnerabilities
- Insufficient logging and monitoring
The option is free. The number of protected requests for one resource may be limited.
How to enable "Basic WAF"
You can activate the firewall for the whole resource or for specific URLs. To enable "Basic WAF" for a resource, go to "Resource settings" and toggle on the "Basic WAF" option.
If you want to activate the firewall for specific URLs, go to settings of the rule managing these URLs, add the "Basic WAF" option and enable it.
What to do if "Basic WAF" blocks some content
Our protection is based on the NGINX ModSecurity WAF modul. This module uses a standard set of rules that protects against OWASP Top 10. If a request was blocked, it means that the request has fallen under one of the rules.
If only certain URLs are blocked, we recommend not deactivating the firewall completely, but deactivating it only for blocked URLs. To do this:
- Create a rule with the location that is blocked by "Basic WAF".
- Add the "Basic WAF" option to the rule and turn it off.
If you need more flexible settings, use the paid product "Web Application Protection" — with it, you can install WAF, protect it from hacking, install protection against bots and DDoS attacks, define black and white lists. Contact our technical support to consult — we will be happy to tell you more about "Web Application Protection".