Skip to main content

AI-WAF

The AI-WAF is the core rule engine in WAAP. It inspects each request to a protected website and blocks application-layer attacks (injection, XSS, path traversal and other OWASP-class threats), combining managed policies with AI-assisted scoring. The AI-WAF group in the left nav has six pages.

General Protection

Set the protection mode and pick the managed policy applied to each website.

AI-WAF — General Protection

  • Protection mode — Incoming, Monitoring mode (log only, no blocking), Protection policy, Custom policy or Origin.

  • WAF Monitoring Mode — add a website to monitoring to see what would be blocked (records into Analytics) before you enforce.

  • WAF Protection Policy — a catalog of managed policies you Apply to a website, each tuned to a different risk/false-positive balance:

    PolicyFor
    BasicBlocks only the most confident, widely-abused attack patterns — fewest false positives.
    StandardBalanced everyday protection (the common default).
    StrictAggressive blocking for high-security sites — expect more challenges/false positives.
    Basic Plus / Standard PlusThe Basic/Standard sets extended with additional rule groups.
    MonitoringLogs matches without blocking — for tuning.
    BalancedMiddle-ground security vs. usability.
    Breach and Attack Detection (BAD)Focused on detecting active breach/attack behaviour.
    API-SpecificTuned for API endpoints.
tip

Start a new site in Monitoring mode (or the Monitoring policy), watch Analytics for a few days, then switch to Standard/Balanced and enforce — this avoids blocking legitimate traffic on day one.

Advanced Protection

Targeted protection modules that go beyond the baseline WAF policy — each addresses a specific class of web threat. The page is a row of module tabs, and each module is its own rule list: pick a tab, click Add … Rule, and apply the rule to a website.

AI-WAF — Advanced Protection (module tabs)

ModuleWhat it does
Anti-LeechStops untrusted third-party sites from hotlinking your static resources.
Page Defacement MitigationDetects and blocks unauthorized changes to your page content.
CSRF ProtectionGuards against cross-site request forgery on state-changing requests.
Brute Force ProtectionThrottles/blocks repeated login (credential) attempts.
CC ProtectionGuards against surges of requests from the same source to specific paths (challenge-collapsar / app-layer flood).
XML ProtectionDefends against XML-based attacks (XXE, malformed/oversized XML).
Weak Password ValidationFlags weak passwords submitted to your site.
Vulnerability ScanningDetects scanner/probe traffic hunting for known vulnerabilities.
Honeypot ProtectionUses traps to identify and act on automated/malicious clients.
Cookie ProtectionProtects cookies against tampering/forgery.
Illegal Download ProtectionPrevents unauthorized downloading of protected content.

Each module's rule table shows ID, Name, Description, Website, Operation; rules are empty until you add them. Add … Rule opens a per-module rule editor (name, the module's specific settings, and an Apply to website picker) — for example the Anti-Leech rule editor:

Add Anti-Leech Rule editor

Enable only the modules relevant to your app to keep false positives low.

Compliance Validation

Validate that requests conform to HTTP protocol limits — oversized or malformed requests are blocked.

AI-WAF — Compliance Validation

Add HTTP Protocol Compliance Rules (per website) to enforce protocol limits on incoming requests. The table shows ID, Name, Description, Website, Operation.

Custom Rules

Create your own detection logic that applies to the protected websites.

AI-WAF — Custom Rules

The table lists your rules (ID, Name, Description, Websites, Operation). Click Add Custom Rule to open the rule builder:

Custom Rule builder

  1. General — a Name (1–26 chars) and optional Description.
  2. Triggering Condition — "a request matches the rule when it satisfies the conditions below": pick a Metric (e.g. Path), a Matching Condition (e.g. Regex), and a Value, then Add. Stack multiple conditions.
  3. Action — how matching requests are handled (Block, …) and the Response Status Code (e.g. 400).
  4. Apply to — select which protection-enabled websites the rule protects, then Save.

Use custom rules for app-specific policy the managed policies don't cover (block a path by regex, challenge a login endpoint…).

Web Access Control

AI-WAF — Web Access Control

Two controls:

  • Website Whitelist — specify URL paths that bypass AI-WAF detection for a website (use sparingly, e.g. a trusted internal endpoint that trips false positives).
  • Remove Auto-Web ACL — the AI-WAF automatically adds abusive IPs to a Web ACL; here you can remove a specific IP from that auto-generated ACL, or enter 0.0.0.0 to clear every IP from it.

Settings — File Management

AI-WAF — Settings (File Management)

Upload and manage the XSD and WSDL files that AI-WAF rules use — the schema/SOAP definitions the XML Protection rules validate against. Click Upload to add a file (name 1–64 chars: A-Z a-z 0-9 _ .); the table lists Name, Type, Uploaded Time, Operation.

Next steps