Web Application Firewall (WAF) Profile

Web protection profiles are collections of Web Application Firewall (WAF) rules that can detect and block known web application attacks. You can configure WAF profiles to use signatures and constraints to examine web traffic. You can also enforce an HTTP method policy, which controls the HTTP method that matches the specified pattern. A WAF profile typically protects web applications from attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others.

Supported WAF rule sets

| Rulesets | Description |
| --- | --- |
| Core Rules | The core rules are a standard set of rules from ModSecurity CRS (Core Rule Set) that provide a base level of protection for any web application. |
| Trustwave Rules | The Trustwave rules are a premium set of rules from ModSecurity based on intelligence gathered from real-world investigations, penetration tests and research that provide an advanced level of protection for specific web applications and frameworks. |
| Custom Rules | The custom rules are a particular set of rules written by customers that provide a specialized level of protection for custom web applications. |

Note that the WAF profile does not include malicious IPs. See Malicious IP Profile and Network Intrusion (IDS/IPS) Profile for more information.