Question
- What are the Best Practices or suggestions that Silverline recommends when building a WAF policy?
- What are the protections/modules that Silverline Supports? (WAF Setup: Blocking Phases)
- What protections/modules can be deemed as "good to have" but not enabled by default?
Environment
- Silverline WAF
- WAF policy
Answer
Policy Creation
- Complete the WAF Technical Questionnaire and provide as much information as possible:
WAF Modules / Protections
- Modules described in this article (WAF Setup: Blocking Phases) are the default categories/modules that are supported.
- For additional protections that can be implemented within Silverline: Q&A: What Additional Protection Does Silverline WAF Services Offer Besides the Default Blocking Modules?
WAF Tuning
- Review this article so you know how tuning works: Q&A: What is "Tuning" a WAF Policy? What is SOC vs. my responsibilities in this process?
- Submit a WAF violation assessment for a violation review: How to Create WAF Violation Assessments
- Before submitting a WAF assessment, it is best to apply filters onto the WAF violation logs:
- Use destination IP and/or WAF policy name
- In addition, you can use URLs, source IP addresses, and timestamp as this can help reduce the number of total logs to review
Related Content
- Download: WAF Technical Questionnaire for WAF Setup
- Q&A: What are the details that should be provided in the Technical Questionnaire?
- Q&A: What is "Tuning" a WAF Policy? What is SOC vs. my responsibilities in this process?
- How to Create WAF Violation Assessments
- WAF Setup: Blocking Phases
- Q&A: What Protection Can Silverline Support In the WAF Service (That Is Not Part Of The Default?)