WAF User Guide

​

User Guide for WAF Configuration in Verbex

​

1. Accessing WAF Configuration

• WAF Toggle: A toggle button at the top of the page to enable or disable WAF for your organization.
• WAF Rule Table: Displays the current WAF rules applied to the organization, including IP Address, IP Type, Action, Reason, Notes, Expires At, and an Actions column for managing the rules.

​

2. Enabling WAF

1. Click the WAF Toggle: Switch the toggle to ON to activate the WAF functionality for your organization.
2. Confirmation Dialog: A modal will appear confirming if you want to enable WAF. You will be asked to select a Default Policy:
   • ALLOW: Allows all traffic by default and blocks only explicitly denied requests.
   • DENY: Denies all traffic by default, only allowing explicitly allowed requests.

• Choose the Default Policy for your organization based on your security requirements.
• Click Enable to confirm the settings and activate WAF.

​

3. Editing Default Policy

1. Click the ‘Edit’ Icon: Next to the default policy setting in the WAF Configuration screen, click the Edit Default Policy button.
2. Modify Default Policy: You can select between ALLOW or DENY from the dropdown menu, depending on your security needs.
3. Save Changes: After selecting the appropriate policy, click Update to save the changes.

​

4. Creating WAF Rules

1. Click ‘Create WAF Rule’: This will open a modal where you can define a new rule for your WAF configuration.
2. Fill in Rule Details:
   • IP Address: Specify the IP address, CIDR notation, or IP range to apply the rule to.
   • IP Type: Select the type of IP address matching (e.g., EXACT or other types, depending on your preference).
   • Reason: Provide a brief explanation of why this rule is being added (e.g., DDoS Attacker).
   • Notes: Optionally, add additional notes for clarification.
   • Expires At: Set an expiration date for this rule if it’s temporary.
3. Click Create: Once all fields are filled in, click Create to finalize the new rule.

​

5. Managing WAF Rules

• View Existing Rules: In the rule table, you can see all the configured rules, including their IP Address, IP Type, Action, Reason, and expiration details.
• Delete or Edit Rules: The Actions column provides options to either Edit or Delete existing rules. Click the ellipsis (…) icon next to the rule for more options.

​

6. Monitoring WAF Configuration

• Review Blocked Traffic: Verbex logs traffic that has been blocked based on WAF rules. You can periodically check for any blocked requests that may indicate malicious activity.
• Adjust Rules as Needed: If necessary, you can update or remove rules based on changes to the security landscape or false positives.

​

7. Troubleshooting

• WAF Not Blocking Traffic: Ensure that the rules are correctly configured and that the IP addresses or ranges are accurately specified.
• Incorrect Policy Behavior: If the policy doesn’t behave as expected (e.g., blocking valid requests), verify that the Default Policy is set correctly, and check the individual rules for conflicts.
• Expired Rules: If a WAF rule is no longer needed, ensure it is deleted or the expiration date is set properly to avoid security lapses.

1. Start with Default Allow or Deny: Choose a default policy that aligns with your organization’s security needs (e.g., ALLOW for high-trust environments or DENY for stricter control).
2. Granular Rules: Use specific IP ranges and precise actions in your rules to prevent misconfigurations and unintended blocks.
3. Regular Monitoring: Frequently review and adjust WAF rules to address evolving security threats.
4. Document Reasoning: Always add a clear reason and notes to each rule for future reference and compliance purposes.