The Web Application Firewall (WAF) phase analyses requests for potential security threats.
waf.block
: Blocks the request if it matches WAF rules.

waf.log
: Logs the request details without blocking.

The WAF phase provides access to the following fields:
The filter matches requests with a URI path that starts with "/admin/":
starts_with(http.request.uri.path, "/admin/")
The configuration blocks requests to the admin area that trigger WAF rules:
waf.block:
  reason: "Unauthorised access attempt to admin area"
For more information on the waf.block action, refer to the Modsecurity section in the vconf documentation.