Manage your CDN WAF

This guide explains how to enable and monitor the Web Application Firewall feature (CDN WAF) for your Content Delivery Network (CDN) distributions. By default, the CDN WAF is disabled for new distributions.

When you first enable the CDN WAF, it is highly recommended to set the execution mode to “Log”. This allows you to monitor potential rule violations without actively blocking legitimate traffic while you fine-tune your configuration.

To enable the CDN WAF and configure the initial logging mode:

  1. Go to Networking > CDN.
  2. Click the name of your distribution.
  3. In the sub-menu under the Security section, click WAF.
  4. Click Overview.
  5. In the Web Application Firewall section, click Edit.
  6. Turn on the Enable WAF toggle.
  7. Click Save.
  8. In the rule execution mode section, click Edit.
  9. Set the Rule execution mode to Log.
  10. Click Save.

Your CDN WAF is now active. It will log requests that violate your rules but will not block them.

Once the CDN WAF is enabled, you can monitor incoming traffic and analyze how your rules evaluate requests.

To view and inspect CDN WAF logs:

  1. In your distribution details, click the Logs sub-menu.

  2. Review the WAF action column. This column displays one of the following statuses for each request:

    • Allow: The request passed all rules normally.
    • Monitor: The request violated a rule, but the CDN WAF is set to log-only mode (or the specific rule is set to monitor). The request was not blocked.
    • Blocked: The request violated a rule and was actively blocked by the CDN WAF.
  3. To investigate a specific request, click on the corresponding log entry.

  4. Scroll to the WAF Log section to view detailed information, including the origin of the request and the specific reason or rule that triggered the log entry.
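
While the CDN WAF runs in Log mode, it helps to tally the Monitor entries per rule before deciding what to block. The following is an added example, not part of the original guide or the vendor's tooling: it assumes the log entries are available as JSON lines, and the field names (`waf_action`, `rule`, `client`, `path`) and rule names are hypothetical.

```python
import json
from collections import Counter, defaultdict

# Constructed sample records. Field names (waf_action, rule, client, path) and
# rule names are assumptions; map them to what your log view actually provides.
SAMPLE_LOG = """\
{"waf_action": "Allow", "rule": null, "client": "198.51.100.7", "path": "/"}
{"waf_action": "Monitor", "rule": "sqli-generic", "client": "203.0.113.9", "path": "/search"}
{"waf_action": "Monitor", "rule": "body-size", "client": "198.51.100.7", "path": "/api/upload"}
{"waf_action": "Monitor", "rule": "body-size", "client": "198.51.100.8", "path": "/api/upload"}
{"waf_action": "Monitor", "rule": "body-size", "client": "198.51.100.9", "path": "/api/upload"}
{"waf_action": "Monitor", "rule": "sqli-generic", "client": "203.0.113.9", "path": "/login"}
not-json
{"waf_action": "Blocked", "rule": "rate-limit", "client": "203.0.113.9", "path": "/login"}
"""

def parse(text):
    """Yield one dict per valid JSON line; skip blank and malformed lines."""
    for line in text.splitlines():
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict) and "waf_action" in rec:
            yield rec

def summarize(text):
    """Return (count per WAF action, per-rule stats for Monitor entries)."""
    actions = Counter()
    rules = defaultdict(lambda: {"hits": 0, "clients": set(), "paths": Counter()})
    for rec in parse(text):
        actions[rec["waf_action"]] += 1
        if rec["waf_action"] == "Monitor":
            r = rules[rec.get("rule") or "unknown"]
            r["hits"] += 1
            r["clients"].add(rec.get("client"))
            r["paths"][rec.get("path")] += 1
    return actions, dict(rules)

def tuning_candidates(rules, min_clients=3):
    """Heuristic: a rule hit by many distinct clients on a single path often
    matches normal application traffic, so inspect it before leaving Log mode."""
    return sorted(name for name, r in rules.items()
                  if len(r["clients"]) >= min_clients and len(r["paths"]) == 1)

if __name__ == "__main__":
    actions, rules = summarize(SAMPLE_LOG)
    print(dict(actions))
    print("review before blocking:", tuning_candidates(rules))
```

Rules returned by `tuning_candidates` are the ones to open in the WAF Log section first; the `min_clients` threshold is an arbitrary starting point, not a vendor recommendation.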