Configuration
This advanced implementation of WAF will protect your websites more effectively.
To activate the WAF, you just need to enable our TCDN-WAF-Enabled header.
For example, if you wanted to activate the WAF on your domain mi-dominio.es, you would simply deploy a configuration similar to the following from the control panel:
If you want to deactivate the WAF under certain conditions, you can simply unset the previously assigned header.
For example, if you want to activate the WAF for your domain mi-dominio.es but exclude URLs that start with /path/sin/waf/, you can deploy a configuration similar to the following from the control panel:
However, this is far from being the best option.
Instead, the WAF provides the header TCDN-WAF-Set-SecRuleEngine, which allows us to adjust the behavior of the rule engine. This header accepts three values:
On: This is the default behavior, where the WAF takes the necessary actions to block requests considered dangerous.
Off: Temporarily deactivates the WAF.
DetectionOnly: In this case, the WAF takes the necessary actions to identify requests considered dangerous, but allows them to pass through the WAF. This behavior is useful for preliminary testing to detect potential false positives and then add any exceptions that are needed.
If you notice false positives, that is, the WAF treating perfectly valid requests as dangerous, you can include exceptions for such cases using the TCDN-WAF-Allow-Rule-Exceptions header.
Thus, going back to the previous example, we just need to deploy a configuration similar to the following from the control panel:
Continuing with the previous example, if you observe that requests to URLs under /path/completely/secure/ are being blocked by the WAF due to rule violations (ruleID_1, ruleID_2, ruleID_3, ..., ruleID_n), you can specify that these matches should be treated as exceptions. To do so, you can deploy the following from the control panel:
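The cases described above combined into one configuration, as an added example that is not taken from the original page or from the vendor's own code. It assumes the configuration is written in Varnish VCL and applied in vcl_recv, that the enabling value is "true", and that rule IDs are passed as a comma-separated list; ruleID_1 to ruleID_3 are the page's placeholders, not real rule IDs.

```vcl
# Added example. Assumptions (not confirmed by this page): the configuration
# language is Varnish VCL, the headers are set on the request in vcl_recv,
# the enabling value is "true", and rule IDs form a comma-separated list.
sub vcl_recv {
    if (req.http.host == "mi-dominio.es") {
        # Turn the WAF on for the whole domain.
        set req.http.TCDN-WAF-Enabled = "true";

        if (req.url ~ "^/path/sin/waf/") {
            # Instead of unsetting TCDN-WAF-Enabled for this path, keep the
            # rule engine evaluating requests but let them through.
            set req.http.TCDN-WAF-Set-SecRuleEngine = "DetectionOnly";
        } else if (req.url ~ "^/path/completely/secure/") {
            # Blocking stays on (default "On"); only the listed rules are
            # treated as exceptions. Replace the placeholders with the rule
            # IDs observed as false positives during DetectionOnly testing.
            set req.http.TCDN-WAF-Allow-Rule-Exceptions = "ruleID_1, ruleID_2, ruleID_3";
        }
    }
}
```

Scoping the exceptions to the one path prefix keeps the listed rules active for every other URL on the domain.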
These are just small examples of very specific use cases. If you have any questions regarding how to integrate this functionality into your own domain, please don't hesitate to contact us.