Skip to content

Web Application Firewall (WAF)

Web Application Firewall (WAF) - enables automatic blocking of attacks on websites.

Security levels

There are 5 security levels available for sites hosted on

  • Level 0 - complete protection deactivation.
  • Level 1 - basic protection against typical attacks with reduced attack blocking sensitivity.
  • Level 2 - basic protection against typical attacks with normal attack blocking sensitivity.
  • Level 3 - more advanced protection that includes additional protection against SQL and XSS injection attacks.
  • Level 4 - penultimate protection level that includes all of the above and blocks attacks containing frequently used words in attack lists (keyword lists).
  • Level 5 - the highest level of protection that also blocks some special characters frequently used in attacks.

The default protection level is 1 for all newly added pages.


Enabling protection on levels higher than level 1 may cause false alarms (false positives), so if a error 403 page was generated during normal use of the page, reduce the security level. False alarms can also be reported by contacting us by sending an email to or creating a ticket - providing the page address, security level and date of occurrence.



The WAF security level can be changed by going to: WWW websitesManageDetailsWeb Application Firewall.


After logging in to SSH you can change the WAF level using the command: devil www options DOMAIN waf 0|1|2|3|4|5
Example: activating level 2 for the webpage: devil www options waf 2