Security Metrics dashboard¶

The Security Metrics dashboard shows Web Application Firewall (WAF)-identified threats. Here, you can review requests that your WAF custom rules have actively blocked or are set to alert for. This enables you to monitor how your WAF rules respond to requests by the parameters you have set and the effectiveness of your security policies.

Rule Configuration¶

The Rule Configuration section contains three areas for setting different security policies for your Edge WAF: 

• WAF Ruleset: contains your pre-set OWASP ruleset
• Custom WAF Rule: enables you to create up to 10 Custom WAF rules
• IP Block list: enables you to manage a block-list of up to 100 IPs 

WAF Ruleset OWASP top ten ruleset¶

Acquia Edge Standard Standard includes pre-set WAF rulesets for common threats, such as the OWASP Top 10, which are active by default. You can review and deactivate specific rules if necessary, but this is generally not recommended.

The OWASP ruleset includes rules for:

• SQL injection
• Cross-Site scripting
• Remote file inclusion
• Local file inclusion
• Command injection
• Protocol attack
• Web application attack
• Security policy violation

• Network protocol violations

Creating custom WAF rules¶

Create a maximum of 10 custom WAF rules to handle traffic based on your specific needs. A custom WAF rule includes a name, rule logic, a response action and applies to requests that reach all or some of your domains.
 

Rule logic options:¶

• Attribute: The request attribute your rule acts against (for example, ASN, country, header, IP address, method, or query string).
• Criteria: The matching logic, such as "equals," "contains," "range," or "regex," depending on the attribute.
• Value: The specific value to match (for example, a specific country code or IP address).

Rule response action options:¶

• Response action: Set to either Block or Alert. Block stops the request from reaching the site, while Alert tags the request and logs it in Security Metrics.
• Rule priority: Determine the order in which the rule is evaluated relative to other custom rules (for example, first, last, or a specific numeric order).
• Domains: Specify if the rule applies to all the domains, a specific set of domains, or a specific path on a domain.

Example steps for creating a rule:¶

1. Access the Rule Configuration section and select Custom WAF rule.

2. Select Create custom rule.

   
3. Define the rule by specifying one or more request attributes and matching criteria.
4. Select a response action: Block or Alert.
5. Save the rule. Active rules appear in a prioritized order and respond to a request in that order.

Configuring the IP block list¶

The IP Block List enables you to manage a list of up to 100 IP addresses that you want to block. This list can be applied to custom WAF rules to prevent malicious traffic from these sources from reaching your site. The existing blocklist applies to new domains by default. You can add IPs using two methods:

Manual IP entry method¶

Large text field: Manually paste up to 100 IP addresses, separated by commas (for example, 192.168.1.1, 192.120.1.4, 192.178.1.2).

CSV upload method¶

• Upload section: Select the upload button or drag-and-drop area to upload a CSV file.

• File constraints: The file must include a maximum of 100 IP addresses and must be no larger than 5 MB.