Knowledge Base
medianova.comSupportLog in
  • Welcome to the Medianova Knowledge Base
  • Getting Started
    • Concepts
    • Start your Free Trial
  • Products
    • Security
      • DDoS Protection
      • SSL/TLS Encryption
        • How to upload and manage SSL Certificates?
        • How to Extract CRT and KEY Files from a PFX Certificate
        • How can I use Free SSL?
        • FAQ
      • Web Application Firewall (WAF)
        • How to activate WAF?
        • Analytics
      • Rate Limiting
      • Hotlink Protection
      • IP Restriction
      • Geoblocking
      • FAQs
    • Performance / CDN
      • Static Content Delivery
        • Create Small Resource
        • Create Large Resource
        • Integrating Static CDN Resource
        • Configuration Basics
          • Medianova IP Blocks
        • Advanced Configuration
          • Origin Settings
            • Advanced Origin Settings
            • Rewrite Origin URLs
            • Origin SNI Request
            • Redirect Handle From Origin
            • Origin Response Timeout
          • CNAME
          • Caching
            • Edge Cache Expiration
            • Browser Cache Rule
            • Query String Caching
            • Etag Verification
            • Error Status Code Cache Expiration
            • Shared Cache
            • Stale Cache
            • Robots.txt file
            • Range Based Caching
          • Headers
            • CORS Header
            • Custom Header
            • X-CDN Header
            • Origin Host Header
            • HTTP Strict Transport (HSTS) Protection
            • X-Frame Options
            • X-XSS Protection
            • X-Content Type Options
          • Purge
          • Prefetch
          • Page Rules
            • Manage Page Rules
            • Page Rules Settings
          • Compression
            • How to Configure Gzip and Brotli
        • Website Framework Integrations
          • Magento CDN Integration
          • Wordpress CDN Integration
          • Phalcon CDN Integration
          • CakePHP CDN Integration
        • Analytics
      • Dynamic Content Acceleration
        • Create Dynamic Resource
        • Integrating Dynamic CDN Resource
        • Aksela Test Steps
        • Advanced Configuration
          • Origin Settings
            • Advanced Origin Settings
            • Rewrite Origin URLs
            • Origin SNI Request
            • Redirect Handle From Origin
            • Origin Response Timeout
          • Caching
            • Edge Cache Expiration
            • Browser Cache Rule
            • Query String Caching
            • Etag Verification
            • Error Status Code Cache Expiration
            • Shared Cache
            • Stale Cache
            • Disallow Cookie Base Cache
            • Cookie Base Cache
            • Header Base Cache
            • Header Value Base Cache
            • MNUID Cookie Base Cache
            • Mobile Redirect
          • Headers
            • CORS Header
            • Custom Header
            • X-CDN Header
            • Origin Host Header
            • HTTP Strict Transport (HSTS) Protection
            • X-Frame Options
            • X-XSS Protection
            • X-Content Type Options
          • Purge
          • Prefetch
          • Page Rules
          • Compression
        • Analytics
      • Streaming Content Delivery
        • Create Streaming Resource
        • Advanced Configuration
          • Origin Settings
            • Redirect Handle From Origin
            • Origin Response Timeout
          • Headers
            • CORS Header
            • Custom Header
            • X-CDN Header
            • Origin Host Header
          • Stream Management
        • Analytics
      • API Caching
      • Private CDN
      • Image Optimization and WebP
        • What is Image Optimization and How Does It Work?
        • What is WebP and How Does It Work?
        • How to Activate Image Optimization and WebP?
        • Analytics
      • FAQs
    • Object Storage / Stook
      • What is Stook?
      • How to Create Stook?
      • How to Connect Bucket?
      • Access Key Management
      • Stook Integration and Usage Guides
        • Migrating Data to Stook Using Rclone
        • Data Transfer to Stook with Cyberduck
        • How to use the AWS SDK for Laravel with Stook?
        • How to use the AWS SDK for PHP with Stook?
        • How do I use the AWS SDK for .NET with Stook?
        • Stook Storage User Guide for AWS CLI
        • How to use AWS SDK for JavaScript with Stook?
        • How do I use Stook with the AWS Java SDK?
        • Using Pre-Signed URL PHP with Stook
        • Using Pre-Marked URL NODEJS With Stook
    • Analytics (MN Logz)
      • Real-Time Logpush
      • Raw Logs
  • Account & Billing
    • Managing Account and Organizations
      • Create new organization
      • Invite user
      • Changing Cloud Panel password
      • Access Controls and Authentication
    • Subscription and Billing
      • Packages
        • Free Trial
        • Starter
        • Growth
        • Enterprise
        • Add-ons
      • Policy
      • Upgrade & Downgrade Procedures
      • Changing your subscription package
      • Payment Info
      • Invoices
  • API Documentation
    • Authentication
    • Security
      • Web Application Firewall (WAF)
      • SSL/TLS
      • Always Use HTTPS Settings
      • Origin Basic Authentication
      • Secure Token
      • Bot Protection
      • Hotlink Protection
      • User Agent ACL
      • IP Restriction ACL
      • Geoblocking
    • Performance / CDN
      • Resources
      • Origin Settings
      • CNAME & SSL
      • Caching
      • Headers
      • Image Optimization & WebP
      • Page Rule
      • Purge
      • Prefetch
      • Stream Management
    • Object Storage / Stook
    • Analytics
      • WAF Analytics
  • Support and Troubleshooting
    • Common Issues and Solutions
      • Troubleshooting Common Setup Issues
      • Troubleshooting Performance Problems
    • Contacting Customer Support
  • Glossary
    • Definition of Important CDN Terms
    • Acronyms and Abbreviations
    • Definition of HTTP Status Error Codes
Powered by GitBook
LogoLogo

© 2025 Medianova. All rights reserved.

On this page

Was this helpful?

Export as PDF
  1. Products
  2. Security
  3. Web Application Firewall (WAF)

How to activate WAF?

PreviousWeb Application Firewall (WAF)NextAnalytics

Last updated 5 months ago

Was this helpful?

Activating the Web Application Firewall (WAF) in the Medianova Cloud Panel enhances your website's security by protecting against potential threats. Whether you’re setting up a new Dynamic CDN Resource or configuring an existing one, the process is straightforward. This guide provides step-by-step instructions to activate WAF, customize its settings, and choose between "Monitoring Only" or full protection modes to safeguard your applications effectively.

  1. You can access the Medianova cloud panel by logging in with your username and password at .

  2. Click on the “CDN → Create CDN Resource” option on the left menu of the panel if you haven’t created a Dynamic CDN Resource yet. Skip Step 2 and proceed to Step 3, if you have a Dynamic CDN Resource already.

Select Dynamic CDN Resource in the “Start building your CDN” area.

Fill in the requested information and click on the “Create CDN Resource” button.

  1. Click on the “Security → WAF” option on the left menu of the panel and press on one of the listed resources to configure and activate your WAF service.

  1. You need to change the WAF status to “Monitoring Only” or “On”, to proceed with adding custom rules based on your specific requirements. In the “Monitoring Only” mode, our WAF provides real-time monitoring for potential threats, while allowing all traffic to pass through uninterrupted, providing you with valuable insights into your website’s security posture without affecting its functionality.

  2. Next, you can define custom rules based on a wide range of parameters. These are;

  • Request Method: Represents the different request methods (GET, POST, PUT, DELETE, etc.) used in the HTTP protocol. It can properly limit the methods of requests to the web application and increase the security of the application.

  • Client IP: Represents the IP address of the user connecting to the web application. This information can improve the web application’s ability to verify the origin of requests and perform security checks.

  • Referrer: Represents the URL of the previous page that redirects to the web page. This information can help the web application learn more about the origin of its requests and increase security controls.

  • Args: Represents the arguments in the HTTP request. These arguments contain the information required for the Web application to function correctly. However, malicious arguments submitted by malicious users can cause security vulnerabilities in the application.

  • Request URI: Represents the destination URL of the HTTP request. This information can help the Web application determine how it handles requests and perform security checks.

  • Request Protocol: Represents the HTTP protocol used (HTTP/1.1, HTTP/2 etc.). Using the correct protocol version can ensure that the web application functions correctly and performs security checks.

  • User Agent: Represents information of the agent (usually a browser) making the HTTP request. This information can help the Web application determine how it handles requests and perform security checks.

5.1. Fill in a “Rule Name” for your custom rule.

5.2 Click on the “Field” dropdown menu and select the parameter you would like to use.

5.3 Choose the corresponding “Operator” and “Value”.

5.4 Press the “And” button if you would like to create a chain of conditions. Please note that current WAF version supports maksimum 3 chain of conditions.

5.5 Select the action you want your WAF to take, when incoming requests match your chain of conditions.

5.6 When you finish entering the required information for your custom rule, press the “Add Rule” button. You can continue to add rules according to your needs.

5.7 When you are done adding rules, please press the “Submit” button.

  1. You can edit or delete a custom rule by clicking on the “Edit” and “Delete” icons. When you click on the “Edit” icon, you will see the following screen. Press the “Submit” button after editing your rule.

  2. After activating your WAF in “On” or “Monitoring Only” mode, you can monitor metrics by clicking on “Analytics → WAF” option on the left menu of the panel. Select your WAF resource to display the following metrics;

  • Threats: The number of requests made to the WAF rules among the requests made to the website.

  • Top 10 Client IPs: User IP addresses from which requests plugged into WAF rules come from.

  • Top 50 Request Uri: Addresses where requests stuck in WAF rules are made.

  • Top 50 User Agent: Device information from which requests plugged into WAF rules are made.

  • Rule: Information on which rule the requests stuck in WAF rules are stuck on.

  • Last 300 Activity Log: Detailed information of the last 300 requests stuck in WAF rules.

cloud.medianova.com