Overview
VergeCloud’s Web Application Firewall (WAF) provides advanced application-layer protection through a highly accurate Regex-based Anomaly Scoring system. Instead of relying solely on signature matches, VergeCloud assigns weighted scores to incoming requests based on the rules they trigger. When the cumulative anomaly score of a request meets or exceeds the configured threshold, the system automatically blocks it. This approach significantly reduces false negatives, improves detection of complex attack patterns, and provides a flexible framework for fine-tuning security posture.
Web Application Firewalls have become a critical part of modern security architecture. As threats increasingly target the application layer, where user input, authentication, transactions, and data processing occur, traditional network firewalls are no longer sufficient. WAFs serve as an essential security layer designed to detect, mitigate, and prevent malicious traffic before it reaches your origin servers.
Threat Detection and Prevention
VergeCloud’s WAF defends against common and advanced attack vectors such as Cross-Site Scripting (XSS), SQL Injection (SQLi), Remote File Inclusion (RFI), and Local File Inclusion (LFI). Through deep inspection of incoming requests, the WAF evaluates payloads, headers, parameters, and behavior patterns. Malicious requests are assigned high anomaly scores and blocked before reaching the application.
Continuous Traffic Monitoring
The WAF continuously analyzes traffic behavior across all endpoints. By monitoring changes in request size, frequency, user agents, header values, and parameter structures, it helps identify anomalies that may indicate an active attack campaign or reconnaissance attempt.
Regulatory Compliance
Industries that manage sensitive user data—such as e-commerce, banking, and healthcare—must meet strict compliance frameworks like PCI DSS, HIPAA, and ISO 27001. VergeCloud’s WAF helps maintain compliance by preventing unauthorized access and securing transactional data.
Application Layer Security
Application-layer attacks often bypass traditional firewalls. VergeCloud’s WAF specifically focuses on Layer 7 traffic, ensuring protection against attacks embedded within URLs, POST payloads, form parameters, cookies, and API requests.
When properly configured, VergeCloud’s WAF not only blocks harmful activity but also reduces downtime, prevents data breaches, and enhances overall service reliability.
Real Usage Scenarios
Suppose an e-commerce website begins experiencing automated bot attacks and payload-based SQL injection attempts on its payment API. With VergeCloud’s WAF enabled, anomaly scoring quickly identifies abnormal request patterns, malicious payloads, and irregular traffic spikes. Suspicious requests accumulate high anomaly scores and are blocked, allowing genuine customers to complete purchases without disruption.
This type of automated, intelligent filtering is especially valuable for high-traffic services, as it minimizes manual intervention and provides continuous protection.
Settings and Configuration of VergeCloud’s WAF
You can configure the WAF to operate in one of two modes:
1. Log Only Mode
- The WAF detects and logs suspicious activity.
- No traffic is blocked.
- Ideal for initial setup, false-positive tuning, and rule customization.
2. Protection Mode
- The WAF enforces all active rules.
- Requests exceeding the anomaly threshold are blocked immediately.
Detection Mode (Log Only) is temporary and automatically resets to Off after 14 days.
Configuring WAF
Before fully activating the WAF in Protection Mode, VergeCloud recommends running it in observation (Log Only) mode. This helps:
- Identify real threats vs. normal user behavior
- Detect false positives
- Fine-tune rule sets
Using the WAF Attacks Analysis dashboard, you can evaluate logs, view detailed rule triggers, inspect payloads, and disable/enable individual rule IDs as needed. To disable a specific rule, open the corresponding rule set and toggle individual rules using the on/off switch.
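The scoring, mode and per-rule tuning behaviour described above, as an added sketch that is not VergeCloud's implementation or rule set. The rule IDs, regexes, weights, the threshold of 5 and the `evaluate` function are all assumptions chosen for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed rules: IDs, patterns and weights are illustrative assumptions,
# not taken from any VergeCloud, CRS or Comodo package.
RULES = [
    ("R100", re.compile(r"(?i)\bunion\b.{0,40}\bselect\b"), 5),  # SQLi
    ("R200", re.compile(r"(?i)<\s*script\b"), 5),                # XSS
    ("R300", re.compile(r"\.\./"), 3),                           # path traversal
    ("R400", re.compile(r"(?i)^(?:curl|python-requests)/"), 2),  # scripted client
]
THRESHOLD = 5  # assumed value; a request is flagged when score >= THRESHOLD


def evaluate(fields, mode="protection", disabled=frozenset()):
    """Return (action, score, hits) for one request.

    fields maps a field name (e.g. "query", "user_agent") to its raw value;
    mode is "log_only" or "protection"; disabled holds rule IDs switched off.
    """
    score, hits = 0, []
    for rule_id, pattern, weight in RULES:
        if rule_id in disabled:
            continue
        for name, value in fields.items():
            # Decode once so URL-encoded payloads are inspected as well.
            if pattern.search(unquote_plus(value)):
                score += weight
                hits.append((rule_id, name))
                break  # each rule contributes its weight once per request
    if score < THRESHOLD:
        return "allow", score, hits
    return ("block" if mode == "protection" else "log"), score, hits


# Constructed sample requests.
TRAVERSAL = {"query": "file=../docs/readme.txt", "user_agent": "Mozilla/5.0"}
SCRIPTED = {"query": "file=../docs/readme.txt", "user_agent": "curl/8.5.0"}
SQLI = {"query": "id=1%20UNION%20SELECT%20card%20FROM%20payments",
        "user_agent": "Mozilla/5.0"}

if __name__ == "__main__":
    for label, req in [("traversal", TRAVERSAL), ("scripted", SCRIPTED), ("sqli", SQLI)]:
        print(label, evaluate(req), evaluate(req, mode="log_only"))
    print("scripted, R400 off", evaluate(SCRIPTED, disabled={"R400"}))
```

The `SCRIPTED` request shows why cumulative scoring matters: neither rule alone reaches the threshold, but together they do, and switching off one rule during tuning changes the verdict.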
Packages
VergeCloud supports multiple WAF rule packages:
VergeCloud’s WAF Package (Default)
Provides balanced, general-purpose protection:
- XSS
- SQL Injection
- Bot detection
- Unusual request patterns
- Suspicious HTTP methods
- Payload anomalies
CRS Package
Based on the OWASP Core Rule Set:
- SQLi
- XSS
- LFI/RFI
- Code injection (PHP/Java)
- HTTPoxy
- Shellshock
- Metadata leakage
- Bot/scanner detection
Comodo Package
A comprehensive commercial-grade rule set with advanced intrusion prevention, compatible with other packages.
API Reference
To automate WAF configuration, you can use VergeCloud’s extensive WAF API. The API allows you to manage rule packages, reorder priorities, reconfigure modules, create or update custom rules, and retrieve detailed rule information programmatically. These capabilities are ideal for CI pipelines, infrastructure automation, or custom security workflows.
Explore the complete WAF API documentation at https://api.vergecloud.com/docs#tag/waf