How to check your WAF mode

Azion Web Application Firewall (WAF) can operate in two different modes learning and blocking. When in learning mode, WAF analyzes threats without actually blocking them. When in blocking mode, all requests considered as threats are blocked and don’t even reach the server (origin).

The learning mode (or calibration stage) helps to improve WAF services and reduce false positives. Blocking mode will provide real-time protection against all supported threat families.

This documentation will guide you on how to create, locate, and edit the operation mode of a WAF Rule Set configuration.

WAF Rule Set is how a WAF configuration instance is called.


Requirements

The WAF operation mode is set on the Rules Engine tab of an Edge Firewall configuration. Make sure you have:

  • An edge firewall associated with the domains of your edge applications.
  • This edge firewall should have at least one WAF Rule Set.

If you don’t have a configured WAF Rule Set, check this guide for more details.


How to check and edit WAF operation mode

To check or edit the operation mode of a WAF, follow the steps:

  1. Access Azion Console > Edge Firewall, in the Secure section.
  2. From the list, find and select the edge firewall running the WAF Rule Set.
  3. From the Main Settings tab, make sure:
    • All domains from your application are on the Selected list.
    • The Network Layer Protection and Web Application Firewall module switches are enabled.
    • If you’ve made any changes, click Save.
  4. Click on the Rules Engine tab.
  5. Select the rule associated with the WAF Rule Set for which you want to configure the operation mode.

This rule should have similar Criteria/Behavior logic, and the WAF mode will be below the name of the WAF Rule Set:

  • Criteria: If: [Request URI] [starts with] [/].
  • Behavior: Then: [Set WAF Rule Set] [<name-of-waf-rule-set>] [Learning/Blocking].
  1. Click the Save button.

Contributors