What is the WAF operating mode on the WebOrion™ Protector?
The “WAF Operating Mode” setting determines whether the WebOrion™ Protector WAF will block any requests that is deemed as suspicious. By default, all new websites registered with WebOrion™ will be set on Passthrough Mode.
When the WAF is on Passthrough Mode, no requests will be blocked, but only suspicious requests will be logged in the Firewall Event Log.
When the WAF is on Blocking Mode, any requests that are deemed as suspicious will be blocked and also logged. Attackers who attempt to send a malicious request or content to your site will be blocked with a “Your request has been blocked” error page.
We recommend new users to leave your website on Passthrough Mode for a few days while monitoring the firewall event log for any real traffic by your users which the WebOrion™ Protector WAF might incorrectly be blocking. After identifying the rules that may be wrongly triggered, you may choose to disable them under their relevant rule sets.
Once you are comfortable enough with the WebOrion™ Protector WAF, you should switch it to Blocking Mode for maximum protection. This will ensure that any attacks will not be able to go through to your website and your web server.
However, we also are confident enough to recommend our more technical users to switch it to Blocking Mode immediately. Although we are confident of a low false positive rate for our WAF, there is still a risk that legitimate users may be blocked by the WAF.
If you require any additional support with regards to the WebOrion™ Protector, feel free to contact us.