Skip to main content

Default Configuration

WAAP configuration should be tailored to the website you want to protect and the threats that may target you.

If you wish to apply a default configuration, we recommend applying the following settings:

Protocol Validation (3/4):

  • Invalid User Agent - Enable
  • Unknown User Agent - Enable
  • Service protocol validation - Enable

WAF and OWASP top threats (14/17) :

  • SQL Injection - Enable
  • XSS - Enable
  • Shellshock exploit - Enable
  • Remote File Inclusion - Enable
  • Local file inclusion - Enable
  • Common web application vulnerabilities - Enable
  • Web shell execution prevention - Enable
  • Protocol Attack - Enable
  • Cross-site request forgery - Enable
  • Shell Injection - Enable
  • Code Injection - Enable
  • Sensitive data exposure - Enable
  • Personally identifiable information - Enable
  • Server-side template injection - Enable

IP Reputation (8/8):

  • Traffic via TOR network - Enable
  • Traffic via proxy networks - Enable
  • Traffic from hosting services - Enable
  • Traffic via VPNs - Enable
  • Bot traffic - Enable
  • Traffic from suspicious NAT ranges - Enable
  • External reputation block list - Enable
  • Traffic via CDNs - Enable

Behavioral WAF (2/5):

  • Obfuscated attacks and zero-day mitigation - Enable
  • Brute-force protection - Enable

Anti-automation and bot protection (1/4):

  • Automated Clients - Enable

CMS protection (0/8)

Common automated services (81/120):

  • Microsoft MSN bot - Enable
  • Microsoft Bing bot - Enable
  • Facebook External Hit bot - Enable
  • Twitter bot - Enable
  • Yahoo Inktomi Slurp bot - Enable
  • Yahoo Slurp bot - Enable
  • Yandex bot - Enable
  • Baidu Spider bot - Enable
  • Baidu Spider Japan bot - Enable
  • Naver Yeti bot - Enable
  • Seznam bot - Enable
  • Blekko ScoutJet bot - Enable
  • Ask Jeeves bot - Enable
  • LinkedIn bot - Enable
  • Alexa ia archiver - Enable
  • Sogou bot - Enable
  • Yahoo Seeker bot - Enable
  • Pingdom - Enable
  • New Relic bot - Enable
  • Applebot - Enable
  • Chrome Compression Proxy - Enable
  • KAKAO UserAgent - Enable
  • Yahoo Link Preview - Enable
  • Livedoor Japan bot - Enable
  • Microsoft Skype bot - Enable
  • PayPal IPN - Enable
  • StatusCake bot - Enable
  • Cybersource - Enable
  • IAS crawler - Enable
  • YisouSpider - Enable
  • Coccocbot - Enable
  • Microsoft Bing Preview bot - Enable
  • Slack bot - Enable
  • Uptime Robot - Enable
  • Panopta bot - Enable
  • Server Density Service Monitoring bot - Enable
  • Zum Bot - Enable
  • Ahrefs Bot - Enable
  • Requests from Origin's IP - Enable
  • Semrush Bot - Enable
  • Mail.ru Bot - Enable
  • Telegram Bot - Enable
  • Internet Archive Bot - Enable
  • Pinterest Bot - Enable
  • Amazon Route53 Health Check Service - Enable
  • Lets Encrypt - Enable
  • Hetrix Tools - Enable
  • Alexa technologies - Enable
  • AddSearch Bot - Enable
  • Site24X7 Bot - Enable
  • XML Sitemaps - Enable
  • AppleNewsBot - Enable
  • Roger bot - Enable
  • DuckDuckGo bot - Enable
  • CookieBot - Enable
  • Detectify Scanner - Enable
  • DigiCert DCV Bot - Enable
  • Workato - Enable
  • GhostInspector - Enable
  • Freshping Monitoring - Enable
  • BinaryCanary - Enable
  • parse.ly scraper - Enable
  • Geckoboard - Enable
  • Audisto Bot - Enable
  • FeedPress - Enable
  • Feeder.co - Enable
  • Adjust Servers - Enable
  • W3C - Enable
  • Stackify - Enable
  • Testomato Bot - Enable
  • Siteimprove bot - Enable
  • Petal bot - Enable
  • Google Cloud Monitoring - Enable
  • Smart Plugin Manager bot - Enable
  • Outbrain bot - Enable
  • Comscore Crawler - Enable
  • Google Bot - Enable
  • Google Services - Enable
  • Google Crawler - Enable
  • Google User Triggered Fetchers - Enable
  • Apple Private Relay - Enable