Help Center

  1. StackPath Help
  2. WAF
  3. How-To Guides

Enabling Monitor Mode

Avatar
Zane L.
Updated:

Overview

You can use this document to learn about and enable the Monitor mode for an existing site with a WAF.

If you have not enabled the WAF for a site, then see Setting up a WAF Instance on an Existing Site.

There are 3 WAF modes: 

  • Protect
  • Monitor
  • Off

You can use the Monitor mode to temporarily test the WAF's behavior so that you can adjust the WAF's policies before you enable Protect mode, which offers full protection. 

With the exception of protection against Application Layer DDoS Attacks, while in Monitor mode, the WAF does not perform any action against requests. Instead, the WAF logs requests that would have been blocked or sanctioned under Protect mode.

  • To learn more about the WAF's protection against Application Layer DDoS Attacks, see L7 DDoS Protection.

Reviewing Sample Scenario

For example, a cURL request without any header modification flags will trigger the Invalid User Agent Prevention policy.

If the WAF is in Protect mode, then the request will receive a 403 status code:

  curl -I https://c8k3p3x4.stackpathcdn.com
  HTTP/2 403 
  date: Mon, 25 Mar 2019 20:38:48 GMT

If the WAF is in Monitor mode, then the request will receive a 200 status code. 

  curl -I https://c8k3p3x4.stackpathcdn.com
  HTTP/2 200
  date: Mon, 25 Mar 2019 20:40:37 GMT

Additionally, while in Monitor mode, the WAF will log a request. These requests can be reviewed in the WAF Analytics section of the Portal. Requests marked Suppressed indicate that the WAF would have blocked it had Protect mode been enabled.

2.png

Enabling WAF Monitor Mode 

You can use these instructions to enable the Monitor mode for sites that already have the WAF enabled. 

  1. In the StackPath Control Portal, in the left-side navigation, click Sites
  2. Locate and select the desired site.
  3. In the left-side navigation, click WAF
  4. In the top, right corner of the screen, next to WAF Mode, in the drop-down menu, select Monitor
    • To confirm, in the left-side navigation, click Analytics, and then select the WAF tab. Monitor Mode will display next to Web Application Firewall Requests.

1.png

After you enable Monitor mode, StackPath recommends that you review the results and adjust your WAF settings. To learn more, see Step 3 in our Setting up a WAF Instance on an Existing Site article.

Was this article helpful?

Related articles

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Contact Us