Advanced Settings
- Last Updated: March 26, 2024
Click the Advanced Settings button to configure the advanced OWASP settings.
Inspect HTTP POST Request Bodies
This option is disabled by default. If you enable it, three more check boxes become available that let you enable the processing of JavaScript Object Notation (JSON) requests, Extensible Markup Language (XML) requests, and other content types.
Request Body Size Limit
This option allows you to set the maximum size of POST request bodies that the WAF engine will allow through. The default value is 1048576 bytes. The range of valid values is 1024 to 52428800 bytes (50 MB).
Process HTTP Responses
Enables checking of the responses from the server to the client.
Enabling the Process HTTP Responses option makes two more options, E - Intended Response Body and F - Response Headers, available in the Audit Parts options.
Blocking Paranoia Level
Defines how strictly the ModSecurity engine implements each rule. The default Paranoia Level value is set at 1. With each paranoia level increase, the CRS enables stricter implementations of the rules, giving you a higher level of security. However, higher paranoia levels also increase the possibility of blocking some legitimate traffic due to false positives. If you use higher paranoia levels, you will likely need to add some exclusion rules for certain applications that need to receive complex input patterns.
Executing Paranoia Level
Defines the paranoia level at which the ModSecurity engine checks/verifies the requests coming from the servers. The results of the checks will be logged but the Executing Paranoia Level is not used to determine what traffic will be blocked.
Though the Executing Paranoia Level can be higher than the Blocking Paranoia Level, it cannot be lower. A higher Executing Paranoia Level enables users to see which rules would be triggered at a higher Paranoia level without blocking traffic.
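The following Python script, an added example that is not part of the LoadMaster documentation, reads WAF log messages and lists the rules that fired only because the Executing Paranoia Level was above the Blocking Paranoia Level; these are the rules to review for exclusions before raising the blocking level. It assumes the log messages carry the CRS `paranoia-level/N` rule tag; the log lines, level values and function names are constructed for illustration.

```python
import re
from collections import defaultdict

BLOCKING_PL = 1    # assumed value of "Blocking Paranoia Level"
EXECUTING_PL = 3   # assumed value of "Executing Paranoia Level"

# Constructed, trimmed log messages in ModSecurity's bracketed format (not real traffic).
SAMPLE_LOG = '''\
ModSecurity: Warning. [id "942100"] [tag "paranoia-level/1"] [uri "/login"]
ModSecurity: Warning. [id "942430"] [tag "paranoia-level/2"] [uri "/search"]
ModSecurity: Warning. [id "942430"] [tag "paranoia-level/2"] [uri "/api/report"]
ModSecurity: Warning. [id "920272"] [tag "paranoia-level/3"] [uri "/upload"]
'''

FIELD = re.compile(r'\[(id|uri) "([^"]*)"\]')
PL_TAG = re.compile(r'\[tag "paranoia-level/(\d)"\]')

def parse_line(line):
    """Return (rule_id, paranoia_level, uri), or None if id or PL tag is missing."""
    fields = dict(FIELD.findall(line))
    tag = PL_TAG.search(line)
    if "id" not in fields or tag is None:
        return None
    return fields["id"], int(tag.group(1)), fields.get("uri", "")

def log_only_hits(log_text, blocking_pl, executing_pl):
    """Group rule hits that were logged but did not count toward blocking."""
    if executing_pl < blocking_pl:
        raise ValueError("Executing Paranoia Level cannot be lower than Blocking")
    hits = defaultdict(lambda: defaultdict(set))   # level -> rule id -> URIs
    for line in log_text.splitlines():
        parsed = parse_line(line)
        # Keep only rules above the blocking level but within the executing level.
        if parsed and blocking_pl < parsed[1] <= executing_pl:
            rule_id, level, uri = parsed
            hits[level][rule_id].add(uri)
    return {lvl: {rid: sorted(uris) for rid, uris in rules.items()}
            for lvl, rules in sorted(hits.items())}

if __name__ == "__main__":
    report = log_only_hits(SAMPLE_LOG, BLOCKING_PL, EXECUTING_PL)
    for level, rules in report.items():
        for rule_id, uris in rules.items():
            print(f"PL{level} rule {rule_id} would start counting on: {uris}")
```

Rules that appear here for legitimate application traffic are the candidates for exclusion rules before the Blocking Paranoia Level is raised.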
Audit Parts:
A single string that contains the sections that are to be entered in the WAF audit log for each request. The supported values are A, B, E, F, H, K, Z, though only the values B, E, F, H can be enabled or disabled.
For further information regarding the Audit Parts, please refer to https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats
PCRE Match Limit:
Sets the maximum number of iterations that the internal PCRE engine uses before failing a match. A lower value may cause a valid match to fail, whereas a higher value may cause the WAF engine to run slower. The default value is 10000. The maximum value is 9999999.
JSON Depth Limit
This value sets the maximum depth that will be accepted during JSON parsing. Lower values may cause a valid match to fail. Higher values may cause the WAF engine to run slower. The default value is 10000. The range of valid values is 1000 to 99999.
Workloads
When a workload is selected, the OWASP CRS optimizes the rules to ensure that known false positives are not returned.
Countries to block:
Based on GEO IP information, you can select countries that should not be allowed access. Click the Select All button to block access for all countries, or select the individual countries to block from the country list and click the Set Excluded Countries button.