How to check your WAF mode

Azion Web Application Firewall (WAF) can operate in two different modes learning and blocking. When in learning mode, WAF analyzes threats without actually blocking them. When in blocking mode, all requests considered as threats are blocked and don’t even reach the server (origin).

The learning mode (or calibration stage) helps to improve WAF services and reduce false positives. Blocking mode will provide real-time protection against all supported threat families.

See the list of all threat families that WAF can protect your applications from.

This documentation will guide you on how to create, locate, and edit the operation mode of a WAF Rule Set configuration.

WAF Rule Set is how a WAF configuration instance is called.

Prerequisites

Section titled Prerequisites

The WAF operation mode is set on the Rules Engine tab of an Edge Firewall configuration. Make sure you have:

  • An Edge Firewall configuration associated with the domains of your edge applications.
  • This Edge Firewall configuration should have at least one WAF Rule Set.

If you don’t have a configured WAF Rule Set, check the documentation for more details on Web Application Firewall.

How to check and edit WAF operation mode

Section titled How to check and edit WAF operation mode

To check or edit the operation mode of a WAF, follow the steps:

  1. Access Real-Time Manager (RTM).
  2. Open the Products menu, indicated by the three horizontal lines. In the SECURE section, click on Edge Firewall.
  3. From the list, find and select the Edge Firewall configuration running the WAF Rule Set.
  4. From the Main Settings tab, make sure:
    • All domains from your application are selected on the Chosen Domains list.
    • The Network Layer Protection and Web Application Firewall module switches are enabled.
    • If you’ve made any changes, click Save.
  5. Click on the Rules Engine tab.
  6. Select the rule associated with the WAF Rule Set for which you want to configure the operation mode.

This rule should have similar Criteria/Behavior logic, and the WAF mode will be below the name of the WAF Rule Set:

Criteria: If: [Request URI] [starts with] [/].
Behavior: Then: [Set WAF Rule Set] [<name-of-waf-rule-set>] [Learning/Blocking].

  1. Click the Save button.

Contributors