OWASP Protection Level
About
In TR7 ASP, every OWASP rule is scaled from low risk to very high risk on the basis of a risk analysis, and each rule is assigned a score accordingly. When the sum of these scores exceeds a set limit, the WAF actively blocks the request. Clicking the edit icon next to the Protection Level text opens the settings of the relevant service.
Interface
[Screenshot: Protection Level Editing Screen]
- OWASP Protection Level
There are five protection levels in TR7 ASP. Raising the protection level also raises the false-positive rate. By default, the WAF is active at the Tight protection level.
- Elementary > The blocking limit is set to the highest value. False-positive rate: Very Low.
- Normal > The blocking limit is set to a high value. False-positive rate: Low.
- Tight > The blocking limit is set to a medium value. False-positive rate: Medium.
- Very Tight > The blocking limit is set to a low value. False-positive rate: High.
- Aggressive > The blocking limit is set to the lowest value. False-positive rate: Very High.
- Sync with Default WAF Rules
When enabled, WAF rules (structural checks, OWASP rules, etc.) are shifted to a tighter protection mode according to the selected Protection Level. Enabling this option also increases the false-positive rate.
- Max. OWASP Exclusions
Sets the maximum number of OWASP exclusions that can be granted on the default rule (All Paths) or on rules created per path. Once the number of OWASP exclusions on a rule exceeds this limit, OWASP checks are no longer performed on that rule.
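The following is an added illustration, not TR7 ASP code, of the scoring model this page describes: rule scores are summed, the sum is compared against a limit that depends on the protection level, and a rule whose OWASP exclusions exceed the configured maximum is no longer checked. The severity weights, per-level limits, rule ids and the sample request are assumed placeholder values; the page gives no actual numbers.

```python
# Added illustration of the OWASP scoring model described above.
# Severity weights and per-level limits are ASSUMED placeholders;
# the page does not publish TR7 ASP's real values.
from dataclasses import dataclass, field

# Assumed per-rule scores, scaled from low risk to very high risk.
SEVERITY = {"low": 1, "medium": 3, "high": 5, "very_high": 8}

# Assumed blocking limits: a tighter level means a lower limit,
# so more requests cross it (and the false-positive rate rises).
LIMITS = {
    "Elementary": 40,
    "Normal": 30,
    "Tight": 20,       # the page states Tight is the default level
    "Very Tight": 10,
    "Aggressive": 5,
}

@dataclass
class PathRule:
    """One WAF rule (the 'All Paths' default or a per-path rule)."""
    level: str = "Tight"
    exclusions: set = field(default_factory=set)  # excluded OWASP rule ids
    max_exclusions: int = 10                      # "Max. OWASP Exclusions"

    def owasp_enabled(self) -> bool:
        # Beyond the cap, no OWASP control is performed on this rule.
        return len(self.exclusions) <= self.max_exclusions

    def evaluate(self, matches):
        """matches: list of (rule_id, severity) hits for one request.
        Returns (total_score, blocked)."""
        if not self.owasp_enabled():
            return 0, False
        score = sum(SEVERITY[sev] for rid, sev in matches
                    if rid not in self.exclusions)
        return score, score >= LIMITS[self.level]

def compare_levels(matches):
    """Whether the same request is blocked at each protection level."""
    return {lvl: PathRule(level=lvl).evaluate(matches)[1] for lvl in LIMITS}

# Constructed sample: three OWASP-style hits on a single request
# (rule ids are placeholders, not real rule identifiers).
SAMPLE = [("rule-A", "high"), ("rule-B", "high"), ("rule-C", "medium")]

if __name__ == "__main__":
    print(compare_levels(SAMPLE))
```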