WAF Security Rules

Configure and customize your Web Application Firewall protection rules.

Rule Groups

OWASP Core Rule Set

  • Purpose: Industry-standard protection against common attacks
  • Coverage: SQL injection, XSS, file inclusion, and more
  • Recommendation: Always keep enabled for baseline security

WordPress Rules

  • Purpose: Specialized protection for WordPress sites
  • Coverage: Login attacks, plugin vulnerabilities, theme exploits
  • When to Use: Enable if your site runs on WordPress

Custom Rules

  • Purpose: Site-specific protection rules
  • Coverage: Your unique security requirements
  • Management: Create, edit, and disable custom rules

Protection Levels

Low Sensitivity

  • Best for: Development sites, internal applications
  • Behavior: Fewer false positives, may miss some attacks
  • Risk: Lower protection, higher chance of attack success

Medium Sensitivity (Recommended)

  • Best for: Most production websites
  • Behavior: Balanced protection with minimal false positives
  • Risk: Good protection with reasonable false positive rate

High Sensitivity

  • Best for: High-security environments, sensitive data
  • Behavior: Maximum protection, may block legitimate traffic
  • Risk: Highest protection, requires careful tuning

Rule Configuration

Enabling/Disabling Rules

  1. Go to Sites → Select your site → WAF Tab
  2. Choose rule groups to enable or disable
  3. Toggle individual rules within groups
  4. Save changes to apply new configuration

Custom Exceptions

  • IP Whitelisting: Allow trusted IP addresses to bypass rules
  • Path Exclusions: Disable protection for specific URLs
  • Parameter Exclusions: Allow specific form fields or parameters

Common Rule Types

SQL Injection Protection

  • Rule IDs: 942xxx series
  • Purpose: Block database manipulation attempts
  • Examples: Login form attacks, URL parameter injection

Cross-Site Scripting (XSS)

  • Rule IDs: 941xxx series
  • Purpose: Prevent malicious script injection
  • Examples: Comment form attacks, search field exploits

File Inclusion Attacks

  • Rule IDs: 930xxx series
  • Purpose: Block unauthorized file access attempts
  • Examples: Path traversal, remote file inclusion

Brute Force Protection

  • Rule IDs: 912xxx series
  • Purpose: Limit automated login attempts
  • Examples: Password guessing, credential stuffing

Rule Tuning

Reducing False Positives

  1. Review blocked requests in security logs
  2. Identify legitimate traffic being blocked
  3. Create exceptions for specific IPs or paths
  4. Lower sensitivity if needed for specific rules
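
Steps 1 to 3 above can be triaged with a short script. The following is an added example, not Atomic Edge code: the JSON-lines log schema (ip, path, param, rule_id, action), the sample entries, and the thresholds are all assumptions made for illustration. It groups blocked requests by rule, path, and parameter, labels each group with the rule family from the "Common Rule Types" list, and suggests the narrowest exception type from "Custom Exceptions" for a person to review.

```python
import json
from collections import defaultdict

# Rule ID families exactly as listed on this page.
RULE_FAMILIES = {"942": "SQL injection", "941": "XSS",
                 "930": "File inclusion", "912": "Brute force"}

# Constructed sample log: JSON lines with assumed field names.
SAMPLE_LOG = """
{"ip": "203.0.113.10", "path": "/wp-admin/post.php", "param": "content", "rule_id": 941100, "action": "block"}
{"ip": "203.0.113.11", "path": "/wp-admin/post.php", "param": "content", "rule_id": 941100, "action": "block"}
{"ip": "203.0.113.12", "path": "/wp-admin/post.php", "param": "content", "rule_id": 941100, "action": "block"}
{"ip": "203.0.113.10", "path": "/wp-admin/post.php", "param": "content", "rule_id": 941100, "action": "block"}
{"ip": "198.51.100.7", "path": "/login", "param": "user", "rule_id": 942100, "action": "block"}
{"ip": "198.51.100.7", "path": "/index.php", "param": "file", "rule_id": 930120, "action": "block"}
{"ip": "203.0.113.10", "path": "/", "param": null, "rule_id": null, "action": "allow"}
truncated line that is not JSON
"""

def exception_candidates(log_text, min_hits=3, min_clients=2):
    """Rank (rule, path, param) groups that several distinct clients trip.

    Heuristic (an assumption): one rule firing on the same field for many
    clients suggests a false positive; a lone client tripping varied rules
    does not, so it is left out of the candidate list.
    """
    groups = defaultdict(lambda: {"hits": 0, "clients": set()})
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip blank or damaged lines
        if not isinstance(event, dict) or event.get("action") != "block":
            continue
        key = (event.get("rule_id"), event.get("path"), event.get("param"))
        groups[key]["hits"] += 1
        groups[key]["clients"].add(event.get("ip"))
    rows = []
    for (rule_id, path, param), g in groups.items():
        if g["hits"] >= min_hits and len(g["clients"]) >= min_clients:
            rows.append({"rule_id": rule_id, "path": path, "param": param,
                         "family": RULE_FAMILIES.get(str(rule_id)[:3], "Other"),
                         "hits": g["hits"], "clients": len(g["clients"]),
                         # Suggest the narrowest exception type the page offers.
                         "suggest": "parameter exclusion" if param else "path exclusion"})
    return sorted(rows, key=lambda r: r["hits"], reverse=True)

if __name__ == "__main__":
    for row in exception_candidates(SAMPLE_LOG):
        print(row)
```

The output is a review list only: confirm each candidate is legitimate traffic before creating the exception, and record the reason as described under Documentation.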

Increasing Protection

  1. Enable additional rule groups for your site type
  2. Increase sensitivity level for critical applications
  3. Add custom rules for specific threats
  4. Monitor logs for new attack patterns

Best Practices

Regular Review

  • Weekly: Check for new false positives
  • Monthly: Review rule effectiveness
  • Quarterly: Update rule sets and configurations

Testing Changes

  • Staging Environment: Test rule changes before production
  • Gradual Rollout: Enable new rules incrementally
  • Monitor Impact: Watch for legitimate traffic blocks

Documentation

  • Change Log: Record all rule modifications
  • Exception Reasons: Document why exceptions were created
  • Performance Impact: Monitor rule processing overhead

Need Help?

  • 💬 Live Chat: Get help configuring WAF rules
  • 📧 Email Support: support@atomicedge.io
  • 🛡️ Managed Security: Let our experts manage your rules (Enterprise)