--- title: "Acquia Managed WAF Ruleset" date: "2026-04-23T11:04:16+00:00" summary: image: type: "page" url: "/acquia-cloud-platform/add-ons/edge-standard/acquia-managed-waf-ruleset" id: "bde879e6-1b89-4db1-8502-01273a8b366f" --- The Acquia Managed ruleset provides pre-configured WAF rules maintained by Acquia. Use these rules to help protect your domains from common and emerging threats. Review the included rules and deactivate individual rules if needed. ### Open the Acquia Managed Ruleset 1. In the Edge console, go to **Security**. 2. Select **Rule configuration > WAF rulesets**. 3. Select **Acquia Managed Ruleset**. The page displays a description of the ruleset, the number of active rules, and a table of rule names and descriptions. ### Rules included in the ruleset The Acquia managed ruleset includes the following protections: * **Autodiscover**: Blocks traffic to Microsoft Autodiscover endpoints. * **Chrome** – Older Versions: Targets traffic from older versions of Chrome. * **Drupal Paths**: Blocks specific paths and query strings commonly targeted on Drupal sites. * **Microsoft ActiveSync**: Blocks requests to the Microsoft ActiveSync URL. * **Microsoft Office**: Blocks POST requests with a User-Agent of Microsoft Office. * **Microsoft Skype Business**: Blocks POST requests with a User-Agent of Skype for Business. * **User Agents**: Blocks requests based on predefined user agents. * **Wordpress**: Blocks various paths associated with WordPress. ### Deactivate or re-activate a rule 1. Navigate to **Security > Rule configuration > WAF Rulesets**. 2. Locate the specific rule in the _Acquia Managed ruleset_ tab. 3. Toggle the rule control to deactivate or re-activate the rule. 4. Select **Save**. ### Confirm changes To apply updates, use the confirmation dialog box to verify the change. Select Confirm to proceed. ### Reset to default To restore the ruleset to the default recommended state, select Reset to default. Confirm the reset when prompted. ### Unsaved changes behavior To navigate away with unsaved changes prompts a dialog box. Select to Save and continue or Discard changes. ### Verify in security metrics After you enable or change rules, use Security Metrics to review WAF activity. Ensure the ruleset has the intended impact on blocked and alerted traffic trends.