Configuring a basic WAF rule set
-
In the management console
, select the folder the WAF profile is in. -
In the list of services, select Smart Web Security.
-
In the left-hand panel, select
WAF profiles. -
Select the profile to configure a basic rule set in.
-
Click Configure basic rule set.
-
Set the Anomaly threshold, which is the sum of anomaly values of the triggered rules that will block the request.
We recommend that you start with the anomaly threshold of
25
and gradually bring it down to5
. To reduce the anomaly threshold, address WAF false positives triggered by legitimate requests. To do so, select rules from the basic set and configure exclusion rules.Use Only logging (dry run) mode to test anomaly thresholds. The mode is activated when you add a WAF rule to the security profile.
-
Install Paranoia level.
Paranoia level classifies rules according to their aggression. The higher the paranoia level, the better your protection, but also the higher the probability of WAF false positives.
-
Check the rules you included in the set. Add or delete them as needed. When using rules, pay attention to their anomaly values and paranoia levels.
You can turn any rule from the set into a blocking rule. A request that satisfies such a rule will be blocked regardless of the anomaly threshold you specified. To turn a rule into a blocking rule, click
to the right of it. If Only logging (dry run) mode is enabled in the security profile, requests will not get blocked. -
Click Save settings.