How to configure Edge Services Web Application Firewall
An Edge Services Web Application Firewall (WAF) evaluates requests to your pipeline to determine whether they are potentially malicious. You can choose the paranoia level to be used when evaluating requests, and set exclusions to define traffic that should not be filtered by WAF. Requests identified as malicious are blocked or logged depending on your settings.
This page walks you through the process of enabling and configuring WAF to protect your Edge Services pipeline.
To read more about how WAF works, refer to our Understanding WAF page.
Before you start
To complete the actions presented below, you must have:
- A Scaleway account logged into the console
- Owner status or IAM permissions allowing you to perform actions in the intended Organization
- An Edge Services pipeline
How to enable and configure WAF
1. Click Edge Services in the Network section of the Scaleway console side menu. A listing of your pipelines displays.
2. Click the name of the pipeline you want to configure WAF for, then open the Settings tab.
3. In the Web Application Firewall (WAF) panel, click Enable WAF. A configuration pop-up displays.
4. Choose the paranoia level, from 1 to 4, that best suits your use case. The higher the paranoia level, the more sensitive WAF is to potential threats, and the more likely it is to classify a request as malicious. For help with choosing a paranoia level, see our dedicated documentation.
5. Select a WAF mode. Requests judged to be malicious can either be blocked and prevented from passing to the backend, or logged but allowed to pass.
6. Click Save.
WAF is enabled and you are returned to your Edge Services pipeline overview. You can disable or edit WAF settings at any time.
How to set exclusions
Once you have enabled WAF, you can choose to set exclusions. Exclusions are a set of filters: requests that match the filters are not evaluated by WAF, and pass directly to your backend.
1. Click Edge Services in the Network section of the Scaleway console side menu. A listing of your pipelines displays.
2. Click the name of the desired pipeline, then open the Settings tab.
3. In the Web Application Firewall (WAF) panel, click + Add exclusions. A configuration pop-up displays.
4. Set up to two filters for this exclusion. You can add either:
   - One Path regex filter, to match paths of requests to exclude. For example, /api/v1/.*
   - One HTTP method filter, to match the HTTP methods of requests to exclude. For example, enter one or more of GET, PATCH, PUT, DELETE, etc. Requests that match any of these methods will be considered to match the HTTP method filter.
   - One of each of the above (use the Add filter button to add the second filter)
   If you include both a path regex and an HTTP method filter in the same exclusion, requests must match both of the filters in order to be excluded.
   Currently, the only action possible to set for matching requests is Bypass WAF (matching requests will not be evaluated by WAF and will proceed directly to the backend). In the future, more actions will be added.
5. Click Add to add the exclusion.
6. Optionally, repeat steps 3 to 5 to add more exclusions (up to 100).
7. Click Save changes to save all the exclusions you added.
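Before saving an exclusion, it helps to check which of your own routes it would let through unfiltered. The following is an added example, not Scaleway code: a local Python model of the matching rules described above (filters within one exclusion are ANDed, any listed method satisfies the method filter, any matching exclusion bypasses WAF). The names Exclusion, bypasses_waf and audit are hypothetical, and because this page does not say whether the path regex is anchored to the whole path, the model lets you test both interpretations.

```python
import re
from dataclasses import dataclass
from typing import FrozenSet, Optional

MAX_EXCLUSIONS = 100  # limit stated on this page


@dataclass(frozen=True)
class Exclusion:
    """Local model of one exclusion: at most one path regex and one method filter."""
    path_regex: Optional[str] = None
    methods: FrozenSet[str] = frozenset()

    def matches(self, method, path, anchored=True):
        # Method filter: matching any one of the listed methods satisfies it.
        if self.methods and method.upper() not in self.methods:
            return False
        # Path filter: anchoring is an assumption, so both modes are modelled.
        if self.path_regex is not None:
            rx = re.compile(self.path_regex)
            hit = rx.fullmatch(path) if anchored else rx.search(path)
            if hit is None:
                return False
        return True  # every configured filter matched (AND)


def bypasses_waf(exclusions, method, path, anchored=True):
    """True if any exclusion matches, i.e. the request would skip WAF."""
    if len(exclusions) > MAX_EXCLUSIONS:
        raise ValueError("more than 100 exclusions")
    return any(e.matches(method, path, anchored) for e in exclusions)


def audit(exclusions, routes, anchored=True):
    """Return the (method, path) pairs from routes that would skip WAF."""
    return [(m, p) for m, p in routes if bypasses_waf(exclusions, m, p, anchored)]


# Constructed sample data: the regex is this page's example, the routes are made up.
EXCLUSIONS = [Exclusion(path_regex="/api/v1/.*", methods=frozenset({"GET"}))]
ROUTES = [("GET", "/api/v1/items"), ("POST", "/api/v1/items"),
          ("GET", "/admin/api/v1/users"), ("GET", "/login")]
```

With anchored matching only GET /api/v1/items bypasses WAF; with unanchored matching GET /admin/api/v1/users bypasses it as well, so confirm how your regex behaves on a test path before relying on a broad pattern.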
How to edit exclusions
1. Click Edge Services in the Network section of the Scaleway console side menu. A listing of your pipelines displays.
2. Click the name of the desired pipeline, then open the Settings tab.
3. In the WAF panel, click the edit icon next to the exclusion you want to edit.
4. Make edits to the filters as required. You cannot add more than one filter of each type (maximum of one path regex and one HTTP method filter per exclusion).
5. Click Confirm when you have finished editing.
6. Continue to edit or delete other exclusions as necessary.
7. Click Save changes to exit Edit mode and save all your changes.
How to delete exclusions
1. Click Edge Services in the Network section of the Scaleway console side menu. A listing of your pipelines displays.
2. Click the name of the desired pipeline, then open the Settings tab.
3. In the WAF panel, click Edit exclusions to enter Edit mode.
4. Click the delete icon next to the exclusion you want to delete. A pop-up displays, asking you to confirm the deletion.
5. Click Delete.
6. Continue to edit or delete other exclusions as necessary.
7. Click Save changes to exit Edit mode and save all your changes and deletions.
How to edit WAF configuration
You can edit WAF's paranoia level and mode (log or block) at any time.
1. Click Edge Services in the Network section of the Scaleway console side menu. A listing of your pipelines displays.
2. Click the name of the desired pipeline, then open the Settings tab.
3. In the WAF panel, click the edit icon.
4. Edit the paranoia level and mode as required.
5. Click Save.
Your edits are saved, and you are returned to the Edge Services pipeline settings.
How to disable WAF
You can disable WAF at any time.
1. Click Edge Services in the Network section of the Scaleway console side menu. A listing of your pipelines displays.
2. Click the name of the desired pipeline, then open the Settings tab.
3. In the WAF panel, click Disable WAF. A confirmation pop-up displays.
4. Click Disable to confirm.
WAF is disabled for your Edge Services pipeline.