# How to Activate WAF

**WAF (Web Application Firewall)** enhances your website’s security by inspecting and filtering incoming HTTP/HTTPS traffic.\
You can enable it for any **Dynamic CDN Resource**, select the protection mode, and create **Custom Rules** to detect and block malicious requests.

{% hint style="info" %}
WAF is available only for **Dynamic CDN Resources**. Ensure your resource is active before proceeding.
{% endhint %}

{% stepper %}
{% step %}
**Access the WAF**

To begin configuration, log in to the [**Medianova Control Panel**](https://cloud.medianova.com) and navigate to the WAF settings.

* Go to **Security → WAF** in the left-hand menu.
* Select the Dynamic CDN Resource where you want to activate WAF.
* The WAF configuration page will open.

<figure><img src="https://542970813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtK7oIwmhUHdEJcaH4Hx8%2Fuploads%2FEst6TLMx4EvsAPOtVODw%2FEkran%20Resmi%202025-12-30%2017.02.46.png?alt=media&#x26;token=b1aefcdb-0215-4e0e-a20f-5b5f37c0ea3b" alt="" width="563"><figcaption></figcaption></figure>

{% hint style="info" %}
If you haven’t created a Dynamic CDN Resource yet, go to **CDN → Create CDN Resource** first, then return to this section.
{% endhint %}
{% endstep %}

{% step %}
**Choose WAF Mode**

Select how the firewall will operate for your CDN Resource.

* **Monitoring Only:** Logs all requests but does not block them. Recommended for initial setup and rule tuning.
* **On:** Fully active mode that filters and blocks malicious traffic in real time.

After selecting a mode, click **Save** to apply the change.

<figure><img src="https://542970813-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtK7oIwmhUHdEJcaH4Hx8%2Fuploads%2FQqCUxECkHQojQiGaUiO7%2FEkran%20Resmi%202025-12-30%2017.03.15.png?alt=media&#x26;token=0d1c31ac-0c7a-4039-90ae-d82a04f3e076" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Start with **Monitoring Only** mode to observe your application’s normal request patterns before enabling full protection.
{% endhint %}
{% endstep %}

{% step %}
**Create Your First Rule**

After activation, you can define custom rules to control how WAF handles requests.\
For example, you can block requests from specific IP ranges or allow trusted user agents.

To create or manage rules, go to [Managing Rules & Actions](https://clients.medianova.com/products/security/web-application-firewall-waf/manage-rules-and-actions).

{% hint style="info" %}
Rule configuration is optional at activation. WAF includes predefined Managed Rules that are enabled by default.
{% endhint %}
{% endstep %}

{% step %}
**Verify WAF Activation**

Once WAF is enabled, the **Status** indicator on your resource page will show “Active.”\
Incoming requests are now analyzed by the firewall and logged in real time.

You can monitor activity in the **Analytics → WAF Dashboard** section.

{% hint style="info" %}
WAF logs and metrics may take up to a few minutes to appear after initial activation.
{% endhint %}
{% endstep %}
{% endstepper %}

#### Best Practices

* Always start with **Monitoring Only** mode for new configurations.
* Combine **Managed Rules** and **Custom Rules** for optimal coverage.
* Review your WAF Analytics regularly to track threats and rule behavior.
* Avoid creating overly broad rules to minimize false positives.