Acquia Edge Standard includes preset Web Application Firewall (WAF) rulesets designed to mitigate common threats such as the Open Web Application Security Project (OWASP) Top 10. The OWASP ruleset is enabled by default and provides a foundational layer of security against common web-based vulnerabilities.
You can review and deactivate specific OWASP rule groups if needed. However, deactivating protections is not recommended. This method can leave your application vulnerable.
Open the OWASP ruleset
In the Edge console, navigate to Security.
Select Rule configuration.
Select WAF Rulesets.
Select the OWASP ruleset tab.
The page displays a summary of the ruleset, the number of active rules, and a table of OWASP rule groups.
OWASP protections included
The OWASP ruleset includes rule groups for the following types of threats:
SQL Injection (SQL-INJECTION-ANOMALY): Detects SQL injection (SQLi) attempts and suspicious database queries intended to steal or manipulate data.
Cross-Site Scripting (XSS-ANOMALY): Identifies cross-site scripting (XSS) attempts that inject scripts into separate browser sessions.
Remote File Inclusion (RFI-ANOMALY): Prevents attempts to must the application to include and execute external malicious files.
Local File Inclusion (LFI-ANOMALY): Blocks attempts to access restricted files stored locally.
Command Injection (CMD-INJECTION-ANOMALY): Detects attempts to execute unauthorized system commands.
Protocol Attack (PROTOCOL-ANOMALY): Detects protocol-level attack patterns and malformed requests.
Web Application Attack (WAT-ANOMALY): Detects general web application attack patterns and suspicious traffic behavior.
The OWASP ruleset table lists each OWASP rule group and includes:
Rule name: The OWASP rule group.
Description: What the rule group is designed to detect or block.
Toggle: Enables or deactivates the rule group.
Rule documentation: Opens provider documentation for additional technical detail.
Enable or deactivate OWASP rule groups
By default, all OWASP rule groups are enabled. You can deactivate individual rule groups if you have a confirmed false positive or a specific operational requirement.
Important
Deactivating OWASP protections reduces your security coverage and can leave your application vulnerable. Only deactivate a rule group after you ensure it is blocking legitimate traffic and you understand the security impact.
Ensure rule activity in Security Metrics
After you enable or deactivate OWASP rule groups, review the Security Metrics dashboard to ensure the change has the intended effect. Examples include reduced false positives while maintaining protection.
OWASP ruleset
Acquia Edge Standard includes preset Web Application Firewall (WAF) rulesets designed to mitigate common threats such as the Open Web Application Security Project (OWASP) Top 10. The OWASP ruleset is enabled by default and provides a foundational layer of security against common web-based vulnerabilities.
You can review and deactivate specific OWASP rule groups if needed. However, deactivating protections is not recommended. This method can leave your application vulnerable.
Open the OWASP ruleset
In the Edge console, navigate to Security.
Select Rule configuration.
Select WAF Rulesets.
Select the OWASP ruleset tab.
The page displays a summary of the ruleset, the number of active rules, and a table of OWASP rule groups.
OWASP protections included
The OWASP ruleset includes rule groups for the following types of threats:
SQL Injection (SQL-INJECTION-ANOMALY): Detects SQL injection (SQLi) attempts and suspicious database queries intended to steal or manipulate data.
Cross-Site Scripting (XSS-ANOMALY): Identifies cross-site scripting (XSS) attempts that inject scripts into separate browser sessions.
Remote File Inclusion (RFI-ANOMALY): Prevents attempts to must the application to include and execute external malicious files.
Local File Inclusion (LFI-ANOMALY): Blocks attempts to access restricted files stored locally.
Command Injection (CMD-INJECTION-ANOMALY): Detects attempts to execute unauthorized system commands.
Protocol Attack (PROTOCOL-ANOMALY): Detects protocol-level attack patterns and malformed requests.
Web Application Attack (WAT-ANOMALY): Detects general web application attack patterns and suspicious traffic behavior.
The OWASP ruleset table lists each OWASP rule group and includes:
Rule name: The OWASP rule group.
Description: What the rule group is designed to detect or block.
Toggle: Enables or deactivates the rule group.
Rule documentation: Opens provider documentation for additional technical detail.
Enable or deactivate OWASP rule groups
By default, all OWASP rule groups are enabled. You can deactivate individual rule groups if you have a confirmed false positive or a specific operational requirement.
Important
Deactivating OWASP protections reduces your security coverage and can leave your application vulnerable. Only deactivate a rule group after you ensure it is blocking legitimate traffic and you understand the security impact.
Ensure rule activity in Security Metrics
After you enable or deactivate OWASP rule groups, review the Security Metrics dashboard to ensure the change has the intended effect. Examples include reduced false positives while maintaining protection.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Did not find what you were looking for?
If this content did not answer your questions, try searching or contacting our support team for further assistance.
Edge Standard