Manage your WAF

This guide explains how to enable and monitor the Web Application Firewall (WAF) for your Content Delivery Network (CDN) distributions. By default, the WAF is disabled for new distributions.

When you first enable the WAF, it is highly recommended to set the execution mode to “Log”. This allows you to monitor potential rule violations without actively blocking legitimate traffic while you fine-tune your configuration.

To enable the WAF and configure the initial logging mode:

  1. Go to Networking > CDN.
  2. Click the name of your distribution.
  3. In the sub-menu under the Security section, click WAF.
  4. Click Overview.
  5. In the Web Application Firewall section, click Edit.
  6. Turn on the Enable WAF toggle.
  7. Click Save.
  8. In the rule execution mode section, click Edit.
  9. Set the Rule execution mode to Log.
  10. Click Save.

Your WAF is now active. It will log requests that violate your WAF rules but will not block them.

Once the WAF is enabled, you can monitor incoming traffic and analyze how your WAF rules evaluate requests.

To view and inspect WAF logs:

  1. In your distribution details, click the Logs sub-menu.
  2. Review the WAF action column. This column displays one of the following statuses for each request:
     * Allow: The request passed all rules normally.
     * Monitor: The request violated a rule, but the WAF is set to log-only mode (or the specific rule is set to monitor). The request was not blocked.
     * Blocked: The request violated a rule and was actively blocked by the WAF.
  3. To investigate a specific request, click on the corresponding log entry.
  4. Scroll to the WAF Log section to view detailed information, including the origin of the request and the specific reason or rule that triggered the log entry.