We have multiple sets of rules packaged with the WAF which you can optionally enable or disable along with the core rules. When you enable additional rules, it gives you a higher level of security. However, extra rules may also increase the possibility of blocking some legitimate traffic ( especially RBLand WEB SHELL protection rules set ) due to false alarms. It is likely that you will need to add some whitelist for certain rules IDs which are triggering and cause trouble for your web applications.
We have the following different types of extra WAF rules available for your configuration.
1. RBL Protection:- This provides the advanced DDoS protection for POST attacks [ brute-force, script exploits ] and blocks common abusive IP addresses collected through our network of servers with cPGuard installed.
2. Captcha Protection:- Recommended This rule set will enforce all users to verify not as bot before accessing the CMS [ like WordPress, Joomla, etc ] login pages or submitting the login credentials. Once they are identified as a real user, they will be able to log in to their website. This can greatly reduce the load due to brute-force attacks. We recommend turning this ON as it can help to block many attacks before reaching your application and helps to reduce server load.
3. WEBSHELL protection:- If you enable this rule set, your server will be protected from the execution of PHP shells like following
- Phoenix WebShell
The front page may open in web shells, but command execution [ like a copy, delete, move, etc ] is blocked. You can enable this rules set if you control all the web apps on your server.
4. SCANNER protection:- Recommended This will help to keep away bad crawlers from your system. This is a major headache for web hosts and causes unnecessary use of system resources. It can block
- Bad User-Agents
- Bad search engine crawlers (Cause High loads)
Please note that these are EXTRA rules which are loaded along with the core rules set, which is refined and tuned to work with a very small percentage of false positives. Please refer to the following images to manage your WAF Settings.