Web Application Firewall (WAF)
The Web Application Firewall (WAF) is designed to protect web applications from various network attacks, such as Cross-Site Scripting (XSS), SQL Injection, and other threats.
Parameter Description
Parameter Name | Data Type | Required | Description |
---|---|---|---|
rule_sets | array | Yes | List of names of the rule sets that need to be enabled |
action | string | Yes | The action to take when WAF protection is triggered, options include log (logging), 403 Forbidden (access denied), edge-captcha (OpenResty Edge captcha), redirect (redirection) |
sensitivity | string | Yes | WAF protection sensitivity level, options are high, medium, low, none |
score | number | No | Custom sensitivity score when sensitivity is set to none |
clearance | number | No | The validity period after the captcha is triggered, default value is 60 seconds |
redirect_url | string | No | The specified redirect URL when the action is set to redirect |
cross_requests | bool | No | Set to true to enable cross-request mode. The default value is true; setting it to false is recommended |
rule_sets_threshold | list | No | Set sensitivity scores individually for each rule set, which must correspond with the rule sets listed in rule_sets |
You can choose to use built-in rule sets or customize your WAF ones. Below is a list of available built-in WAF rule sets:
- scanner_detection
- protocol_enforcement
- protocol_attack
- application_attack_lfi
- application_attack_rfi
- application_attack_rce
- application_attack_php
- application_attack_nodejs
- application_attack_xss
- application_attack_sqli
- application_attack_session_fixation
- application_attack_java
Configuration Example
```yaml
- enable_rule: true
  conditions:
    - op: eq
      var: uri
      val: /waf
  waf:
    rule_sets:
      - scanner_detection
      - protocol_enforcement
      - application_attack_xss
      - application_attack_sqli
    sensitivity: medium
    action: "403 Forbidden"
    cross_requests: false
```
In the example above, WAF is enabled when the request's URI is /waf, and the enabled rule sets include scanner_detection, protocol_enforcement, application_attack_xss, and application_attack_sqli, with the protection sensitivity level set to medium. Once the WAF protection mechanism is triggered, the action is performed and the HTTP status code 403 is returned, indicating that the request is forbidden.
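The parameter table above fixes several constraints a `waf` block has to satisfy before it is deployed (required keys, allowed values, a threshold list that lines up with `rule_sets`, the recommended `cross_requests: false`). The following pre-deploy linter is an added example, not OpenResty Edge's own code; it assumes that `rule_sets_threshold` is a list of numbers parallel to `rule_sets` and that a `redirect` action needs `redirect_url`, both inferred from the table rather than stated by the page.

```python
# Added example: lint the `waf` block of a page rule against the constraints
# listed in the parameter table. Not part of OpenResty Edge; the parallel-list
# reading of rule_sets_threshold and the redirect_url requirement are assumptions.
from typing import Any

BUILTIN_RULE_SETS = {
    "scanner_detection", "protocol_enforcement", "protocol_attack",
    "application_attack_lfi", "application_attack_rfi", "application_attack_rce",
    "application_attack_php", "application_attack_nodejs", "application_attack_xss",
    "application_attack_sqli", "application_attack_session_fixation",
    "application_attack_java",
}
ACTIONS = {"log", "403 Forbidden", "edge-captcha", "redirect"}
SENSITIVITIES = {"high", "medium", "low", "none"}


def lint_waf(waf: dict[str, Any], custom_rule_sets: frozenset = frozenset()) -> list[str]:
    """Return the list of problems found; an empty list means the block passes."""
    problems: list[str] = []
    rule_sets = waf.get("rule_sets")
    if not isinstance(rule_sets, list) or not rule_sets:
        problems.append("rule_sets is required and must be a non-empty array")
        rule_sets = []
    for name in rule_sets:  # built-in names come from the page; custom ones are caller-supplied
        if name not in BUILTIN_RULE_SETS and name not in custom_rule_sets:
            problems.append(f"unknown rule set: {name!r}")
    action = waf.get("action")
    if action not in ACTIONS:
        problems.append(f"action must be one of {sorted(ACTIONS)}")
    elif action == "redirect" and not waf.get("redirect_url"):
        problems.append("action 'redirect' needs redirect_url")  # assumption, see lead-in
    sens = waf.get("sensitivity")
    if sens not in SENSITIVITIES:
        problems.append(f"sensitivity must be one of {sorted(SENSITIVITIES)}")
    if "score" in waf and sens != "none":
        problems.append("score only applies when sensitivity is 'none'")
    thr = waf.get("rule_sets_threshold")
    if thr is not None and (not isinstance(thr, list) or len(thr) != len(rule_sets)):
        problems.append("rule_sets_threshold must have one entry per rule_sets entry")
    # The default is true; the table recommends false, so flag anything else.
    if waf.get("cross_requests", True) is not False:
        problems.append("cross_requests defaults to true; set it to false (recommended)")
    return problems
```

Run it over the `waf:` mapping of each page rule as a pre-commit or CI step so a typo in a rule-set name or a mismatched threshold list is caught before the rule reaches the edge.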