Skip to content

Web Application Firewall (WAF)

Web Application Firewall (WAF) - enables automatic blocking of attacks on websites.

Security levels

There are 5 security levels available for sites hosted on Serv00.com:

  • Level 0 - complete protection deactivation.
  • Level 1 - basic protection against typical attacks with reduced attack blocking sensitivity.
  • Level 2 - basic protection against typical attacks with normal attack blocking sensitivity.
  • Level 3 - more advanced protection that includes additional protection against SQL and XSS injection attacks.
  • Level 4 - penultimate protection level that includes all of the above and blocks attacks containing frequently used words in attack lists (keyword lists).
  • Level 5 - the highest level of protection that also blocks some special characters frequently used in attacks.

The default protection level is 1 for all newly added pages.

Warning

Enabling protection on levels higher than level 1 may cause false alarms (false positives), so if a error 403 page was generated during normal use of the page, reduce the security level. False alarms can also be reported by contacting us by sending an email to admin@serv00.com or creating a ticket - providing the page address, security level and date of occurrence.

Configuration

DevilWEB

The WAF security level can be changed by going to: WWW websitesManageDetailsWeb Application Firewall.

Devil

After logging in to SSH you can change the WAF level using the command: devil www options DOMAIN waf 0|1|2|3|4|5
Example: activating level 2 for the example.com webpage: devil www options example.com waf 2