What is Blocking Mode? When Should You Switch to Blocking Mode?

About

What is Blocking Mode? When Should It Be Enabled?

TR7 WAF operates in Blocking Mode by actively blocking unwanted and malicious requests based on learned or default rules. In this mode, all requests identified as suspicious or harmful are blocked before reaching the server. This blocking effectively protects against common threats such as SQL Injection and XSS attacks. While doing so, the WAF only blocks harmful requests according to the defined rules and allows safe requests to pass. All blocked requests are permanently stored in the WAF logs. This ensures continuous system security by detecting and preventing potential threats in real time. Blocking Mode maximizes both the security of the web application and the safety of its users.

After analyzing the requests received during Monitor Mode in detail, the vService is switched to Blocking Mode. In the initial phase, unsafe requests are logged and their content and parameters are examined. Clean requests are learned by the system and considered safe to pass, while suspicious ones are still not blocked. The transition to Blocking Mode happens once the necessary precautions are taken and the WAF is ready to accurately detect and block harmful requests. In this mode, the WAF only blocks threat-bearing requests and lets safe traffic through seamlessly. Once activated, Blocking Mode strengthens application security and prevents potential attacks.