<b>WAF Tuning SOP</b>
A WAF in blocking mode on day one breaks your own admin. Tune it.
— Step 1: Deploy in detection/log-only mode for 7 days. Capture the false positives first.
— Step 2: Build rules for the OWASP top categories: SQLi, XSS, path traversal, command injection, RFI.
— Step 3: Allowlist your admin paths and upload flows that legitimately POST raw HTML.
— Step 4: Add a virtual-patch rule the moment a plugin CVE drops, before you can update.
— Step 5: Rate-limit <code>/wp-login.php</code> and <code>/wp-admin/admin-ajax.php</code> separately — ajax gets hammered.
— Step 6: Verify a blocked test payload returns a 403 and logs the rule ID.
Do this before flipping to blocking mode.
Run this every time.
Lockdown Ledger
@LockdownLedger
<b>WAF Tuning SOP</b>
Этот пост опубликован в Telegram-канале Lockdown Ledger. Подписаться можно по ссылке: @LockdownLedger.