WAF Security Settings

Configure Web Application Firewall rules and protection levels for your site.

Protection Levels

Low Sensitivity

  • Best for: Development sites, internal applications
  • Behavior: Fewer false positives, may miss some attacks
  • Use when: Testing new features or troubleshooting issues

Medium Sensitivity (Recommended)

  • Best for: Most production websites
  • Behavior: Balanced protection with minimal false positives
  • Use when: Standard business websites, blogs, e-commerce

High Sensitivity

  • Best for: High-security environments, sensitive data
  • Behavior: Maximum protection, may block legitimate traffic
  • Use when: Banking, healthcare, government sites

Rule Groups

OWASP Core Rule Set

  • Purpose: Industry-standard protection against common attacks
  • Coverage: SQL injection, XSS, file inclusion, and more
  • Status: Always recommended to keep enabled

WordPress Rules

  • Purpose: Specialized protection for WordPress sites
  • Coverage: Login attacks, plugin vulnerabilities, theme exploits
  • Enable if: Your site runs on WordPress

Custom Rules

  • Purpose: Site-specific protection rules
  • Management: Create, edit, and disable custom rules
  • Use for: Unique security requirements for your application

Custom Exceptions

IP Whitelisting

  • Purpose: Allow trusted IP addresses to bypass certain rules
  • Use for: Your office IP, trusted partners, development servers
  • Format: Single IPs (192.168.1.100) or ranges (192.168.1.0/24)

Path Exclusions

  • Purpose: Disable WAF protection for specific URLs
  • Use for: Admin tools, APIs, file uploads that trigger false positives
  • Examples: /admin/upload, /api/webhook, /tools/

Parameter Exclusions

  • Purpose: Allow specific form fields to bypass filtering
  • Use for: Rich text editors, code submission forms
  • Examples: content, description, code_snippet
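
The IP Whitelisting and Path Exclusions entries above are worth checking before they are saved, because each one switches protection off for whatever it matches. The script below is an added example, not part of the product or its documentation: it validates entries in the formats shown and flags ones that cover more than intended. The prefix thresholds and the treatment of a trailing slash as a whole-subtree match are assumptions.

```python
import ipaddress

# Assumed review thresholds, not product defaults: adjust to your own policy.
MIN_PREFIX = {4: 24, 6: 64}  # ranges broader than this are flagged


def review_ip_entry(entry):
    """Findings for one allowlist entry: a single IP or a CIDR range."""
    try:
        # strict=True rejects host bits in a range, e.g. 192.168.1.5/24
        net = ipaddress.ip_network(entry.strip(), strict=True)
    except ValueError as exc:
        return [f"invalid: {exc}"]
    if net.prefixlen < MIN_PREFIX[net.version]:
        return [f"broad range: /{net.prefixlen} covers {net.num_addresses} addresses"]
    return []


def review_path_exclusion(path):
    """Findings for one path exclusion (WAF protection is off for matches)."""
    if not path.startswith("/"):
        return ["invalid: path must start with '/'"]
    segments = [s for s in path.split("/") if s]
    if not segments:
        return ["exempts the whole site"]
    findings = []
    # Assumption: a trailing slash is matched as a prefix (whole subtree).
    if path.endswith("/"):
        findings.append("directory entry: may exempt every URL beneath it")
    if any(ch in path for ch in "*?"):
        findings.append("wildcard: confirm exactly which URLs it matches")
    return findings


def review_exceptions(ip_entries, path_entries):
    """Map each entry that needs a second look to its findings."""
    report = {}
    for entry in ip_entries:
        if (found := review_ip_entry(entry)):
            report[entry] = found
    for path in path_entries:
        if (found := review_path_exclusion(path)):
            report[path] = found
    return report


if __name__ == "__main__":
    # Constructed sample: the page's own examples plus deliberately bad entries.
    ips = ["192.168.1.100", "192.168.1.0/24", "10.0.0.0/8", "192.168.1.5/24"]
    paths = ["/admin/upload", "/api/webhook", "/tools/", "/"]
    for entry, found in review_exceptions(ips, paths).items():
        print(f"{entry}: {'; '.join(found)}")
```
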

Site-Specific Configurations

WordPress Sites

  • Login Protection: Enhanced brute force prevention
  • Plugin Security: Protection for vulnerable plugins
  • Comment Filtering: Spam and malicious comment blocking

E-commerce Sites

  • Payment Protection: Enhanced security for checkout pages
  • Shopping Cart Security: Protection for cart functionality
  • Fraud Detection: Advanced threat analysis

API Endpoints

  • Rate Limiting: Control API request frequency
  • Authentication: API key and token validation
  • Schema Validation: Ensure proper API request format

Testing Changes

Safe Testing Process

  1. Start with lower sensitivity for new sites
  2. Monitor security logs for false positives
  3. Gradually increase protection as needed
  4. Create exceptions for legitimate blocked requests

Monitoring After Changes

  • Check security logs for new blocked requests
  • Test key site functions (login, checkout, forms)
  • Monitor site performance for any impact
  • Review attack patterns to ensure protection is working

Need Help?

  • 💬 Live Chat: Get help configuring WAF rules
  • 📧 Email Support: support@atomicedge.io
  • 🛡️ Managed Security: Let our experts manage your rules (Enterprise)