Web Application Firewall rules integrated with cPGuard is a powerful feature to fight against web attacks. The rules are carefully crafted and updated frequently to ensure that the new types of attacks can be prevented before it is reaching your websites. Also, the rules are carefully tested against Apache, LiteSpeed, OpenLitespeed, and Nginx web servers and are fully compatible with all of them.
Since nowadays many people use WAF rules from various servers and configure their servers accordingly, we turn off WAF by default during installation which the user can turn ON at any time. This is just to ensure that there will not be any conflict with the existing rule sets.
You can modify more WAF settings from the UI by opening a server on the app portal and going to Settings >> WAF
You can use the following commands to enable/disable WAF on your server.
cpgcli waf --enable
cpgcli waf --disable
You can additionaly enable or disable optional WAF modules by listing the modules you want to enable like
cpgcli waf --enable=scanner,webshell,capthca,rbl
cpgcli waf --disable=scanner,webshell,capthca,rbl
You can whitelist certain WAF rules which are causing issues on your server or reporting false positives by getting the rule id from the WAF logs (UI) or the id from ModSec/Webserver logs
To add to whitelist use
waf --whitelist --add 4500006
To remove a rule from whitelist
waf --whitelist --remove 4500006
Please note that updates to WAF configuration is applied only after a time delay and is mostly followed by a web server restart.