WAF Threat Response

When responding to a potential web application threat, eCDN WAF looks at each incoming request, assigns the request a threat score, and responds appropriately. Each incoming request that triggers an OWASP rule increases the overall threat score. Some rules impact the score more than others.

WAF uses three action modes in response to a threat detected by OWASP.

Simulate
Logs events without blocking or challenging the web requests. Using this option enables you to see WAF impact when in Challenge or Block mode, to decide which action mode is appropriate for your storefront.
Challenge
When you enable Challenge Mode, the CAPTCHA page challenges the suspected bad actor to respond before they can proceed to your storefront. Challenge mode is useful against automated attacks, and if WAF mistakenly targets a real shopper. If a real shopper is mistakenly flagged, Challenge mode enables them to enter the CAPTCHA information and continue with their experience.
Keep in mind that some bots can resolve a CAPTCHA challenge, so Challenge mode does not provide as strong a security measure as Block mode.
Block
If an incoming web request is suspicious, a Blocked page is shown and the web request is prevented from reaching your server. The Block option is the most effective action against bad actors. However, this option is also the most restrictive. If WAF mistakenly identifies a real shopper is a bad actor, the shopper is blocked and unable to enter your storefront.
Note: The CAPTCHA and Block pages are both generically branded and cannot be customized.