1. Home
  2. Security
  3. How to Configure the Web App Firewall (WAF) and View Firewall History

How to Configure the Web App Firewall (WAF) and View Firewall History

Overview

A Web Application Firewall (WAF)‘s role is to filter incoming requests to a HTTP server. This module analyzes the requests received by using a database of request rules considered as unwanted.

You can enable or disable the web application firewall and customize its rules. It is also possible to view the firewall history of each domain.

Note :The Glossary of N0C contains explanations on multiple topics and can be consulted to clarify certain terms.

Prerequisite

Go to https://mg.n0c.com/en/.

How to View the Firewall Protection History

  1. Go to Security -> Firewall history and customise the rules to filter your search results:
  1. Thus:
  • From the Filter by domain drop-down list, select the specific domain for which you wish to view the firewall protection history (or All domains if required);
  • Specify one or more Rule IDs, separating them with semicolons (Rule ID);
  • Exclude one or more Rule IDs, separating them with semicolons (Exclude Rule ID);
  • Specify the Host;
  • Specify the Source (IP address);
  • From the drop-down list, specify the Severity of the requests you wish to search for: All, ERROR, WARNING or NOTICE;
  • Specify the Status.
  1. Once this is done, the queries are displayed1:
  1. To view the details of an unwanted request, simply click on the down arrow, which appears under ACTIONS :
  1. The details are grouped by date:

How to Reset Filtering

To reset the field values to their defaults, simply click the Reset button:

  1. Go to Security -> Web App Firewall (WAF).
  2. To link the entire protection to a domain name, simply activate WAF by clicking on the slider button under STATUS:

How to Customize Rules

It is possible to customize the rules of WAF for each domain. 

  1. Locate the domain for which you need to customize the rules:
  1. Click on the Edit firewall rules icon.
  2. In the Web App Firewall rules (WAF) window, fill in the Search field if you are looking for a specific rule to customize:
  1. Use the slider buttons to customize the rules.
  2. Click on Show Subrules icon, if needed.

Always customize the rules first. As a last resort, you can disable all the rules, but the site becomes more vulnerable to attacks.

Meaning of the Rules

You can easily know the meaning of each rule:

  1. In the Web App Firewall rules (WAF) window, locate the rule to be defined:
  1. Click on the View rule documentation icon.
  2. A search on “Atomicorp Product Documentation” website is automatically performed.

How to Disable ModSecurity (HTTP Error 406)

There are several possible causes for an HTTP 406 error. The main one is a brute-force attack on your back office. In fact, there are protections that lock access for around ten minutes by displaying an HTTP 406 error.

If you do not want to take advantage of this protection, you can disable ModSecurity. To do this, in the Web Application Firewall Rules (WAF) window, simply deactivate the modsecurity internal error flagged rule by clicking on the appropriate slider :

How to Display Disables Rules Only

It may be useful to display only the rules you have deactivated. To do this:

  1. In the Web Application Firewall Rules (WAF) window, click on the Show disabled rules button:
  1. You will then see the deactivated rules on the screen:
  1. To display all the rules again, click on the Display all button:

How to Revert to the Default Domain Configuration

In the Web Application Firewall Rules (WAF) window, click on the Revert to default configuration button, so that the slider buttons are automatically adjusted to the initial state:

  1. There is no need to start the search, as it begins as soon as the filters are set. ↩︎
Updated on June 17, 2026

Related Articles