Web Application Firewall
Medianova WAF watches all the web traffic coming in, finds any malicious pattern, and thwarts potential threats before they can compromise web assets. It offers pre-defined Managed Rules and enabling these managed rulesets grants immediate protection against a wide range of security threats.
You can activate your WAF by following the instructions here.
Once you have activated your WAF, you can start configuring your managed rulesets and custom rules based on your requirements.
Enable / Disable a Managed Ruleset
You can toggle the switch beside a managed ruleset to activate or deactivate it.
Enable / Disable a Specific Rule
You can click on the managed ruleset and see the specific rules that are tied to the ruleset. You can toggle the switch beside a specific rule to activate or deactivate it.
Creating a Custom Rule
You can create customized rules using parameters such as user agent, request protocol, request URI, client IP, referrer, and request method. You should enter a rule name, define the appropriate condition, select the WAF action and submit your changes to create a custome rule.
Handle False Positives
If you come across a false positive resulting from a managed rule, you take one of the following actions:
You can start by activating your WAF in Monitoring-Only mode, to observe underlying traffic, analyze your security posture and derive valuable insights without impeding traffic flow. According to these insights, you can tune your WAF by properly configuring your managed rulesets and custom rules.
You can disable the associated managed rule. While this approach can help prevent false positives, it does come with the trade-off of diminishing the overall security of the site.
If a particular rule is responsible for false positives, you may consider to deactivate that individual rule rather than the entire ruleset.
You can create custom rules for tailored defense and preventing false positives.