How Can We Help?
< All Topics
Print

WAF Integration

Web Application Firewall rules integrated with cPGuard is a powerful feature to fight against web attacks. The rules are carefully crafted and updated frequently to ensure that the new types of attacks can be prevented before it is reaching your websites. Also, the rules are carefully tested against Apache, LiteSpeed, OpenLitespeed, and Nginx web servers and are fully compatible with all of them.

Since nowadays many people use WAF rules from various servers and configure their servers accordingly, we turn off WAF by default during installation which the user can turn ON at any time. This is just to ensure that there will not be any conflict with the existing rule sets.

You can modify more WAF settings from the UI by opening a server on the app portal and going to Settings >> WAF

Enable/Disable WAF

PLease refer the requirements before enabling WAF

You can use the following commands to enable/disable WAF on your server.

cpgcli waf --enable
cpgcli waf --disable

You can additionaly enable or disable optional WAF modules by listing the modules you want to enable like

cpgcli waf --enable=scanner,webshell,capthca,crawler
cpgcli waf --disable=scanner,webshell,capthca,crawler

Whitelist rules

You can whitelist certain WAF rules which are causing issues on your server or reporting false positives by getting the rule id from the WAF logs (UI) or the id from ModSec/Webserver logs

To add to whitelist use 

 waf --whitelist --add 4500006

To remove a rule from whitelist

 waf --whitelist --remove 4500006

Please note that updates to WAF configuration is applied only after a time delay and is mostly followed by a web server restart.

Was this article helpful?
5 out of 5 stars

1 rating

5 Stars 100%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
5
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.
Table of Contents