2 min read

WAF Managed Rulesets

Learn how to use managed rulesets with the Vercel Web Application Firewall (WAF)
Table of Contents

Managed rulesets are collections of predefined WAF rules based on standards such as Open Worldwide Application Security Project (OWASP) Top Ten that you can enable and configure in your project's Firewall dashboard.

WAF Managed Rulesets are available on Enterprise plans

The following ruleset(s) are currently available:

To enable and configure OWASP Core Ruleset for your project, follow these steps:

  1. From your project's dashboard, select the Firewall tab
  2. Select the Configure button
  3. From the Managed Rulesets section, enable OWASP Core Ruleset
  4. You can apply the changes with the OWASP rules enabled by default:
    • When you make any change, you will see a Review Changes button appear or update on the top right with the number of changes requested
    • Select Review Changes and review the changes to be applied
    • Select Publish to apply the changes to your production deployment
  5. Or select what OWASP rules to enable first by selecting Configure from the OWASP Core Ruleset list item
  6. For the OWASP Core Ruleset configuration page, enable or disable the rule that you would like to apply
  7. For each enabled rule, select Log Only or Deny from the action drop-down
    • Use Log Only first and monitor the live traffic on the Firewall overview page to check that the rule has the desired effect when applied
  8. Apply the changes
  9. Monitor the live traffic on the Firewall overview page

Note: If you need Managed Rulesets, contact us to discuss the Enterprise plan.

Contact Sales
Last updated on June 21, 2024