What is TR7 OWASP Protection Level? How to Change it?
About
What is OWASP Protection Level?
Every OWASP rule in TR7 is assigned a value based on a risk analysis, ranging from low to very high risk. When the total value of the rules a request matches exceeds a certain threshold, the WAF blocks the request.
"OWASP Protection Level" defines the level of protection on the TR7 WAF. As the protection level increases, the likelihood of false positives also increases, so it is important to select the protection level carefully for each application.
By default, the protection level is set to "Tight", which TR7 recommends as a balance between security and false-positive rate. Where maximum security is desired and potential false positives are acceptable, a higher level can be selected. Conversely, lowering the protection level may reduce the chance of false positives.
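The score-and-threshold behaviour described above can be sketched as follows. This is an added example, not TR7 code: the rules, their values, the level names other than "Tight", the thresholds, and the idea that a level maps directly to a threshold are all assumptions, since the page does not publish them.

```python
import re

# Constructed rule set: (id, pattern, value). Values are assumed weights in the
# spirit of "low to very high risk"; they are not TR7's real rule values.
RULES = [
    ("sqli-union", re.compile(r"\bunion\b.+\bselect\b", re.I), 5),
    ("sqli-comment", re.compile(r"(--|#|/\*)"), 2),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I), 5),
    ("quote-char", re.compile(r"['\"]"), 2),
    ("path-traversal", re.compile(r"\.\./"), 4),
]

# Hypothetical level -> threshold mapping. Only "Tight" is named on the page;
# the other names and every number here are assumptions.
THRESHOLDS = {"level-low": 7, "Tight": 4, "level-high": 1}


def score(value):
    """Return (total, matched_rule_ids) for one request parameter value."""
    matched = [(rid, pts) for rid, rx, pts in RULES if rx.search(value)]
    return sum(pts for _, pts in matched), [rid for rid, _ in matched]


def decide(value, level):
    """Block when the total of matched rule values exceeds the level's threshold."""
    total, matched = score(value)
    return {"blocked": total > THRESHOLDS[level], "score": total, "rules": matched}


# Constructed sample inputs (not captured traffic).
SAMPLES = {
    "benign": "blue widgets",
    "benign_odd": "O'Brien -- see note",  # legitimate text that trips two low-value rules
    "attack": "1' UNION SELECT password FROM users--",
}

if __name__ == "__main__":
    for name, value in SAMPLES.items():
        for level in THRESHOLDS:
            print(f"{name:<11} {level:<10} {decide(value, level)}")
```

In this sketch the `benign_odd` value is blocked only at the strictest level, which is the false-positive trade-off to weigh before raising the level for a given application.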
Interface
Changing OWASP Protection Level
Step > 1
To change the "OWASP Protection Level" configuration, first open the WAF Management screen of the relevant vService by following "Monitor Mode > Related vService > WAF Management". Then, click the pencil icon next to "OWASP Protection Level".
Step > 2
The "OWASP Protection Level" value can be adjusted from this section as desired.