Which Protection Rules Are Included in the System-Generated Policy?
When you add a website to WAF, you can select an existing policy you have created or the system-generated policy. For details, see Table 1.
If you are using WAF standard edition, only System-generated policy can be selected.
You can also tailor your protection rules after the domain name is connected to WAF.
Edition | Policy | Description |
|---|---|---|
Cloud mode | Basic web protection (Log only mode and common checks) | The basic web protection defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections. |
Dedicated mode | Basic web protection (Log only mode and common checks) | The basic web protection defends against attacks such as SQL injections, XSS, remote overflow vulnerabilities, file inclusions, Bash vulnerabilities, remote command execution, directory traversal, sensitive file access, and command/code injections. |
Anti-crawler (Log only mode and Scanner feature) | WAF only logs web scanning tasks, such as vulnerability scanning and virus scanning, such as crawling behavior of OpenVAS and Nmap. |
Log only: WAF only logs detected attack events instead of blocking them.