Web Application Firewall (WAF)
A Web Application Firewall is enabled by default on all your environments. It allows you to monitor activity on your web application and block malicious attacks.
The Artifakt WAF offers several types of protections for your web application:
The WAF is enabled by default on all your environments and cannot be disabled.
In order to determine the behavior to be applied to the traffic, a score is automatically applied to each request according to their nature, origin, type of traffic. As this score exceeds the vigilance threshold, 3 different types of WAF actions can be triggered:
Sometimes, the automatic classification may be wrong, and a legitimate request could be blocked incorrectly. This is what we call a false positive.
If you think this is happening for one of your environments or if you see the page below while browsing your web application, please contact our Support team and give them the Ray ID displayed at the bottom of the page. Exceptions can be added to prevent this behavior from happening again in the future.
WAF Blocking Page
To access data and logs returned by the WAF, navigate to Environment → Monitoring → WAF.
The data could be filtered by:
- Time frame
- Type (Block, Challenge ou Log)
- IP Address
The graph as well as the table of events will automatically update according to the filters selected.