When responding to a potential web application threat, eCDN WAF looks at each incoming
request, assigns the request a threat score, and responds appropriately. Each incoming request
that triggers an OWASP rule increases the overall threat score. Some rules impact the score more
than others.
WAF uses three action modes in response to a threat detected by OWASP.
- Simulate
- Logs events without blocking or challenging the web requests. Using this option
enables you to see WAF impact when in Challenge or Block mode, to decide which action
mode is appropriate for your storefront.
- Challenge
- When you enable Challenge Mode, the CAPTCHA page challenges the suspected bad actor to
respond before they can proceed to your storefront. Challenge mode is useful against
automated attacks, and if WAF mistakenly targets a real shopper. If a real shopper is
mistakenly flagged, Challenge mode enables them to enter the CAPTCHA information and
continue with their experience.
- Keep in mind that some bots can resolve a CAPTCHA challenge, so Challenge mode does not
provide as strong a security measure as Block mode.
- Block
- If an incoming web request is suspicious, a Blocked page is shown and the web request is
prevented from reaching your server. The Block option is the most effective action against
bad actors. However, this option is also the most restrictive. If WAF mistakenly
identifies a real shopper is a bad actor, the shopper is blocked and unable to enter your
storefront.
Note: The CAPTCHA and Block pages are both generically branded and cannot be
customized.