Learn the difference between monitoring and blocking modes, and how CyberWAF uses advanced rule sets to analyze and filter incoming traffic.
What is a Web Application Firewall (WAF)?
A WAF is a dedicated security layer (Layer 7) that filters, monitors, and blocks malicious HTTP traffic aimed at your web application. Unlike a traditional firewall, the WAF inspects the content of the data (forms, cookies, requests) to prevent application-specific attacks.
WAF Filtering Modes Explained
Your WAF can typically operate in two main modes:
- Monitoring Mode (Passive): The WAF analyzes all incoming traffic and logs any malicious attempts it detects, but it does not block them. This mode is useful during initial deployment to tune rules and identify potential false positives before enabling full protection.
- Blocking Mode (Active): The standard, recommended mode. The WAF actively blocks any request that matches a known malicious signature (e.g., SQL Injection, XSS) before it reaches your application.
How Our Rule Sets Work
CyberWAF utilizes constantly updated rule sets based on industry standards (like the OWASP Top 10) and proprietary intelligence. These rules are designed to recognize patterns indicative of attacks, such as:
- Unusual characters or commands in form fields.
- Attempts to access system files or directories.
- Overly complex or repetitive queries (often indicative of brute force or scraping).
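
The following added example (not CyberWAF code and not its rule set) shows how the same rule matches lead to a log entry only in monitoring mode and to a rejected request in blocking mode. The rule names, regular expressions, rate threshold and sample traffic are all assumptions constructed for illustration.

```python
import re
from collections import Counter

# Hypothetical rules modelled on the three pattern types listed above.
# They are illustrative assumptions, not CyberWAF's actual rule set.
RULES = {
    "suspicious-input": re.compile(r"(?i)(<script\b|\bunion\s+select\b|'\s*or\s+1=1)"),
    "system-file-access": re.compile(r"(\.\./|/etc/passwd)"),
}
RATE_LIMIT = 3  # max requests per client in the sample window (assumed threshold)


def evaluate(requests, mode):
    """Return (decisions, log) for a list of (client, path, body) requests.

    mode is 'monitor' (log only) or 'block' (log and reject).
    """
    if mode not in ("monitor", "block"):
        raise ValueError("mode must be 'monitor' or 'block'")
    seen = Counter()
    decisions, log = [], []
    for client, path, body in requests:
        seen[client] += 1
        hits = [name for name, rx in RULES.items()
                if rx.search(path) or rx.search(body)]
        if seen[client] > RATE_LIMIT:
            hits.append("repetitive-requests")
        if hits:
            log.append((client, path, hits))  # both modes record the match
        # Monitoring mode still forwards the request; blocking mode rejects it.
        decisions.append("block" if hits and mode == "block" else "allow")
    return decisions, log


# Constructed sample traffic: (client, path, form body)
SAMPLE = [
    ("10.0.0.1", "/login", "user=alice&pass=secret"),
    ("10.0.0.2", "/search", "q=' OR 1=1 --"),
    ("10.0.0.3", "/download?file=../../etc/passwd", ""),
    ("10.0.0.4", "/blog/comment", "text=How do I write a UNION SELECT query?"),
] + [("10.0.0.5", "/login", "user=admin&pass=guess%d" % i) for i in range(5)]

if __name__ == "__main__":
    for mode in ("monitor", "block"):
        decisions, log = evaluate(SAMPLE, mode)
        print(mode, decisions.count("block"), "blocked,", len(log), "logged")
```

The blog comment from 10.0.0.4 is a legitimate request that matches the SQL pattern. It shows up in the monitoring log without being rejected, which is the kind of false positive to tune out before switching to blocking mode.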