Web Application Firewall

Block SQLi, XSS and other application-layer attacks without touching code.

WAF master switch

WAF: ON

POST /api/security/waf/settings with enabled and profile.

WAF profile

Managed rules

SQL Injection

Detects common SQLi payloads and bypass patterns.

Sensitivity4 / 5

Cross-Site Scripting

Blocks reflected and stored XSS attempts.

Sensitivity3 / 5

Bad bots

Flags malicious scanners and abusive crawlers.

Sensitivity3 / 5

Protocol anomalies

Catches malformed requests and protocol abuse.

Sensitivity2 / 5

Custom rules

Global

URI contains /wp-admin

Action: Block
Hits (24h): 128
Status

site1.com

Header User-Agent contains curl

Action: Challenge/Captcha
Hits (24h): 43
Status

api.site2.com

IP equals 198.51.100.24

Action: Log only
Hits (24h): 18
Status

Scope	Condition	Action	Hits (24h)
Global	URI contains /wp-admin	Block	128
site1.com	Header User-Agent contains curl	Challenge/Captcha	43
api.site2.com	IP equals 198.51.100.24	Log only	18

WAF analytics

Blocked vs allowed (24h)

00:00118 blocked / 1824 allowed

04:00162 blocked / 2230 allowed

08:00238 blocked / 2940 allowed

12:00214 blocked / 2712 allowed

16:00279 blocked / 3210 allowed

20:00246 blocked / 3012 allowed

Top triggered rules

942100 SQL Injection Attack Detected

418

941100 XSS Attack Detected

287

920350 Host header is a numeric IP address

163

913100 Scanner detection

Top offending IPs

185.220.101.24

214 hits

45.155.205.11

187 hits

203.0.113.90

132 hits

198.51.100.42

96 hits