Web Application Firewall Security Policy
The Web Application Firewall (WAF) security policy is available for request and response traffic to provide protection at the Web application level. The OWASP Core Rule Set (CRS) rules, as enumerated in the Anypoint Security policies RAML are supported. Policies are grouped into the major threat categories for requests and responses.
|Only the official OWASP CRS rules are supported.|
WAF policies are fully integrated with the existing Anypoint Security policy DoS (Denial of Service). When the WAF policy detects errors, it triggers the thresholds configured in the DoS, which can be optionally configured to take actions such as shaping or blocking traffic for an IP address from a malicious source.