• Guides
• Tune Waf

You can use the WAF Tuning feature to analyze network lists, IPs, and countries that have matched configured WAF rule sets.

In this guide, you’ll filter possible attacks in your WAF and create an allowed rule from the results you receive.

Requires:

• Configured edge firewall
  
• Activated WAF in the edge firewall

After setting up the initial configurations, proceed as follows:

1. Access Azion Console > WAF Rules.
2. Select the Tuning tab.
   • Under the Filter Possible Attacks section, you’ll find the available variables to filter.
3. In the Domain(s) dropdown, select the domains you want to analyze. Mandatory field.
4. Optionally, you can choose to filter by:
   • Time range
   • Network List
   • IP Address
   • Country
5. Click the Apply filter button.

To exemplify a real-life situation, let’s assume the existence of a few variables:

1. On Domain(s), select www.mydomain.com and www.anotherdomain.com.
2. On Time Range, select Last 12 hours.
3. On Network List, select Blocklist IPs.
4. Click Apply filter.

You’ll receive a list of records regarding the filters you’ve applied. In this case, records that match the Blocklist IPs network list.

You can do a drilldown of the records by clicking on each of them with information on Hits, IPs, Countries, Top 10 IPs Address, Top 10 Countries, and Top 10 Paths.

Once you filter a query with WAF Tuning, you can create an allowed rule from the presented results. To do so:

1. Use the Field chechbox to select the records you want to create an allowed rule.
   • You can select as many records as you want.
2. Click the Allow Rules button.

You can go to the Allowed Rules tab on the WAF Rules page to check the allowed rule was successfully created. All new requests to the specified domains in your configured edge firewall will be treated according to the newly added rules.

Contributors