Click Advanced Settings to configure the advanced OWASP settings.

Inspect HTTP POST Request Bodies

This option is disabled by default. If you enable this option, three more check boxes become available that allow you to enable the processing of JavaScript Object Notation (JSON), XML requests, and other content types.

Process HTTP Responses

Enables checking of the responses from the server to the client.

Enabling the Process HTTP Responses option makes two more options, E - Intended Response Body and F - Response Headers, available in the Audit Parts options.

Note: The processing of response data can be CPU and memory intensive and may impact on performance.

Blocking Paranoia Level

Defines how strictly the ModSecurity engine implements each rule. The default Paranoia Level value is set at 1. With each paranoia level increase, the CRS enables stricter implementations of the rules, giving you a higher level of security. However, higher paranoia levels also increase the possibility of blocking some legitimate traffic due to false positives. If you use higher paranoia levels, you will likely need to add some exclusion rules for certain applications that need to receive complex input patterns.

Executing Paranoia Level

Defines the paranoia level at which the ModSecurity engine checks/verifies the requests coming from the servers. The results of the checks will be logged but the Executing Paranoia Level is not used to determine what traffic will be blocked.

Though the Executing Paranoia Level can be higher than the Blocking Paranoia Level, it cannot be lower. A higher Executing Paranoia Level enables users to see which rules would be triggered at a higher Paranoia level without blocking traffic.

Audit Parts

A single string that contains the sections to be entered in the WAF audit log for each request. The supported values are A, B, E, F, H, K, Z, though only the values B, E, F, H can be enabled or disabled.

For further information regarding the Audit Parts, please refer to https://github.com/SpiderLabs/ModSecurity/wiki/ModSecurity-2-Data-Formats.

PCRE Match Limit

This setting sets the maximum iterations that are internal PCRE engine will use before failing a match. Lower value may cause a valid match to fail, whereas a higher value may cause the WAF engine to run slower. The default value is 3000.

Workloads

When a workload is selected, the OWASP CRS optimizes the rules to ensure that known false positives are not returned.

Countries to block

Based on GEO IP information, you can select countries that should not be allowed access. Click Select All to block the access for all countries or select individual countries from the country list that are to be blocked and click Set Excluded Countries.