WAF Managed Rulesets

Managed rulesets are collections of predefined WAF rules based on standards such as Open Worldwide Application Security Project (OWASP) Top Ten that you can enable and configure in your project's Firewall dashboard.

The following ruleset(s) are currently available:

• OWASP Core Ruleset

• You need to be a Developer or Viewer in the team to view the Firewall overview page and list the rules
• You need to be a Project administrator or Team member to configure, save and apply any rule and configuration

To enable and configure OWASP Core Ruleset for your project, follow these steps:

1. From your project's dashboard, select the Firewall tab
2. Select the Configure button
3. From the Managed Rulesets section, enable OWASP Core Ruleset
4. You can apply the changes with the OWASP rules enabled by default:
   • When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
   • Select Review Changes and review the changes to be applied
   • Select Publish to apply the changes to your production deployment
5. Or select what OWASP rules to enable first by selecting Configure from the OWASP Core Ruleset list item
6. For the OWASP Core Ruleset configuration page, enable or disable the rule that you would like to apply
7. For each enabled rule, select Log Only or Deny from the action drop-down
   • Use Log Only first and monitor the live traffic on the Firewall overview page to check that the rule has the desired effect when applied
8. Apply the changes
9. Monitor the live traffic on the Firewall overview page