Updated on 2024-03-14 GMT+08:00

Which Protection Levels Can Be Set for Basic Web Protection?

WAF provides three basic web protection levels: Low, Medium, and High. The default option is Medium. For details, see Table 1.

Table 1 Protection levels

Protection Level

Description

Low

WAF only blocks the requests with obvious attack signatures.

If a large number of false alarms are reported, Low is recommended.

Medium

The default level is Medium, which meets a majority of web protection requirements.

High

At this level, WAF provides the finest granular protection and can intercept attacks with complex bypass features, such as Jolokia cyber attacks, common gateway interface (CGI) vulnerability detection, and Druid SQL injection attacks.

To let WAF defend against more attacks but make minimum effect on normal requests, observe your workloads for a period of time first. Then, configure a global protection whitelist rule and select High.