Free Trial

Prophaze WAF Best Practices

Prophaze WAF uses Application profiling to determine the best configuration for your application once you onboard the domain in our dashboard. Hence only minimum intervention is required from the customer. Some configurations the customer can tweak is the following.

1. Active Mode

Once the domain is onboarded the WAF goes into application profiling period where it learns the application, and web attacks are not blocked during this period, it is on detection mode only, this period is required by the WAF to learn the application and reduce the false-positives and to better protect against non-signature-based attacks.

Prophaze WAF Active Mode

2. Bot Protection

Bot protection allows the user to turn on advanced bot protection mechanisms, like the js challenge and the captcha challenge, by default it is turned off, the user is advised to turn it on if faced by bot attacks or is suspecting DDOS attacks.

Bot Protection - Prophaze WAF

3. Granular Control Over Proxy Settings

In the settings page where the user can change configurations like proxy-connect-timeout, proxy read timeout etc…

Granular Control Over Proxy Settings - Prophaze WAF

4. Rate Limiting

In Rules page, user is able set rate limiting Maximum requests Per-IP and Total requests.

Rate Limiting - Prophaze WAF