Salesforce B2C Commerce 24.7 > Administering Your Organization > Site Preferences > Embedded CDN > eCDN Web Application Firewall

Modify eCDN WAF Settings

The eCDN Web Application Firewall (WAF) protects your storefront by analyzing and interpreting your HTTP/s traffic. WAF stops application level attacks that attempt to exploit code-level vulnerabilities. Configure the security sensitivity level, and decide what action WAF takes when a suspicious web request attempts to access your storefront.

Prerequisiteโ€”You must add a hostname to the embedded Content Delivery Network (eCDN), and create a zone, before you can configure the WAF settings.
Note: WAF is enabled by default when you create new Proxy Zones. The default settings provide a sensitivity mode of โ€œLowโ€ and an action of โ€œChallengeโ€.

To modify eCDN WAF settings:

  1. Select Administration > Sites > Embedded CDN Settings.
  2. Select a zone.
  3. On the WAF tab, select (check) Enabled to enable WAF (the default for new Proxy Zones) or deselect (uncheck) Enabled to disable WAF for the zone.
  4. From the Action dropdown list, select an action.
    • Simulateโ€”Logs the event without blocking or challenging the web request.
      Note: For first-time users, we recommend using this mode for at least a week to analyze your incoming traffic. Review the log files to then determine an appropriate action and sensitivity level.
    • Challengeโ€”If the incoming web request is suspicious, the visitor must respond to a CAPTCHA challenge before proceeding.
    • Blockโ€”Stop the request from reaching your server.
  5. From the Sensitivity dropdown list, select a sensitivity level.
    WAF becomes more suspicious (likely blocks more requests), when sensitivity is set to a higher level. Conversely, WAF becomes less suspicious (likely lets more traffic through), when sensitivity is set to a lower level. We typically recommend using a medium or high sensitivity setting. However, based on your log analysis, you can change the sensitivity by raising or lowering the sensitivity level. These adjustments enable you to manage when too many real shoppers are being detected as bad actors, or you are not adequately detecting bad actors.
    Note: Selecting the Off option disables the OWASP rule set.

    HTTP Requests

    • Lowโ€”Threat score of 60 and higher
    • Mediumโ€”Threat score of 40 and higher
    • Highโ€”Threat score of 25 and higher

    Ajax Requests

    • Lowโ€”Threat score of 120 and higher
    • Mediumโ€”Threat score of 80 and higher
    • Highโ€”Threat score of 65 and higher
  6. For one or more dates, select a Time (All times are based on local browser times) and click Request Log.

    When the log file is available for download, an email is sent to your Business Manager email account with a link. Download the log to analyze your traffic and adjust the sensitivity accordingly.

Related concepts
Storefront Network Access
eCDN Web Application Firewall
WAF Protection
Related tasks
Create a Zone
Related reference
eCDN-WAF Log OCAPI References

Infocenter Retirement: On June 30, 2023, the Infocenter was retired, and documentation currently hosted on the Infocenter will be published to Salesforce Help, Commerce Cloud Developer Center, and Salesforce B2C Commerce Developer Documentation Resources. For more information, see the release note.