Web application firewall and CRS rules

The mlytics web application firewall (WAF) protects your domain from common vulnerabilities and exploits. It does this through rules that are based on the Comodo WAF rule v1.229.

There are three main categories under the 'CRS rules' feature:

  • XSS rules
  • SQL injection rules
  • Generic injection rules: all other web application attacks

The rulesets

When viewing a ruleset, you see a list of rules, each showing its rule ID, threats, action, and whether it is enabled. Rules can be enabled or disabled individually.

The actions available for each rule are:

  • Block: the request will be blocked
  • Pass: the rule is ignored
  • Simulate: the request is allowed through but is logged in the 'Threat log'