WAF

The WAF section allows you to manage CorazaWAF, a powerful Web Application Firewall integrated into OpenPanel.

Use this interface to enhance security by enabling protection against common web threats such as SQL injection, XSS, and other malicious behavior.

Enable​

Toggle the Web Application Firewall on or off. When enabled, CorazaWAF actively inspects incoming requests and blocks suspicious activity based on configured rules.

Rule Sets​

Manage the rule sets that CorazaWAF uses to protect your applications.

Active: Displays the number of currently active rule sets (e.g., 21 / 23).

Click Manage Rules to enable or disable individual WAF rule sets according to your security needs.

The rule set table includes the following columns:

• Name – The name or identifier of the rule set.

• Number of Rules – Total number of rules contained within the set.

• Status – Indicates whether the rule set is currently enabled or disabled.

• Actions – Options to View rule details or Disable the rule set.

Properly configuring WAF rules helps maintain a balance between strong protection and minimizing false positives.