1. Home
  2. Security
  3. How to Configure the Web App Firewall (WAF) and View Firewall History

How to Configure the Web App Firewall (WAF) and View Firewall History

Overview

A Web Application Firewall (WAF)‘s role is to filter incoming requests to a HTTP server. This module analyzes the requests received by using a database of request rules considered as unwanted.

You can enable or disable the web application firewall and customize its rules. It is also possible to view the firewall history of each domain.

Note :The Glossary of N0C contains explanations on multiple topics and can be consulted to clarify certain terms.

Prerequisite

Go to https://mg.n0c.com/en/.

How to View the Firewall Protection History

  1. Go to Security > Firewall History:
  1. Use the Filter by domain drop-down list to refine the search.
  1. Go to SecurityWeb App Firewall (WAF):
  1. To link the entire protection to a domain name, simply activate WAF by clicking on the slider button under “STATUS”.

How to Customize Rules

It is possible to customize the rules of WAF for each domain. 

Note:

Always customize the rules first. As a last resort, you can disable all the rules, but the site becomes more vulnerable to attacks.

  1. Locate the domain for which you need to customize the rules:
  1. Click on the Edit firewall rules icon.
  2. Fill in the Search field if you are looking for a specific rule to customize:
  1. Use the slider buttons to customize the rules.
  2. Click on Show Subrules icon, if needed.

Meaning of the Rules

You can easily know the meaning of each rule:

  1. Locate the rule to be defined:
  1. Click on the View rule documentation icon.
  2. A search on “Atomicorp Product Documentation” website is automatically performed.

How to Disable ModSecurity (HTTP Error 406)

There are several possible causes for an HTTP 406 error. The main one is a brute-force attack on your back office. In fact, there are protections that lock access for around ten minutes by displaying an HTTP 406 error.

If you do not want to take advantage of this protection, you can disable ModSecurity. To do this, in the Web Application Firewall Rules (WAF) window, simply deactivate the modsecurity internal error flagged rule by clicking on the appropriate slider :

How to Revert to the Default Domain Configuration

  1. Click on the Revert to default configuration button.
  1. The slider buttons are automatically adjusted to the initial state.
Updated on October 30, 2024

Related Articles