AI-WAF is an AI-driven next-generation web application firewall empowered with a contextual AI detection engine.
This engine fully integrates rule-based,
machine learning-based, and semantic analysis-based threat detection algorithms and technologies to enhance threat detection adaptabilities and accuracy.
{{toggleUsageText}}
Service Configuration
Q. How to restrict the website access to a list of trusted IPs within my work environment?
Click Settings on the side panel and enable the Permitted IP List. Enter the IPs that you want to whitelist.
Q. How to configure a maintenance page in case of a system failure?
Click Emergency Mitigation on the side panel and enable Kill Switch. Select Return HTML under Action
and upload a maintenance page in HTML format.
Q. How to add APIs that are not automatically discovered?
Go to API Protection > Management > Asset.
You can either upload an OpenAPI format file or manually add the APIs. Alternatively, go to API Protection > Discovery to configure a new rule for automatic API detection.
Q. How to mask the sensitive data in my API response?
Go to API Protection > Data Loss Prevention > Detection Rules.
Create a custom rule and use the Data Masking tab to configure the rule. You can apply it to all APIs or specific ones.
Q. How to enable the bot management?
Click Bot Management on the side panel.
Click Add Bot Management Rule.
Enable Dynamic Token Protection.
Enable Anti-Debugging to prevent debugging activities on remote user browsers.
Configure Browser Interrogation based on your requirements.
Q. How to configure API protection?
Click API Protection on the side panel.
Click Management .
Under the Asset tab, review the API list being automatically discovered and categorised.
Under the Tag tab, configure and assign tags to APIs based on your business requirements.
Click Discovery on the side panel to configure API discovery rules.
Click Threats Detection to monitor threats and configure threat detection rules.
Click Vulnerabilities Detection to view and manage the detected potential vulnerabilities in your APIs.
Click Data Loss Prevention to view and manage detection rules for APIs that may expose sensitive data.
{{togglePaymentText}}
Threat Prevention
Q. How to protect the website from defacement?
Go to AI-WAF > Advance Protection and enable Page Defacement Mitigation to ensure website visitors always get intact web pages.
Q. How to prevent visitors from using browser developer tools to debug my website?
Click Bot Manager on the side panel, enable Anti-Debugging and apply the rule to your website.
Q. How to prevent visitors from viewing the defaced content when the website is compromised?
Click Emergency Mitigation on the side panel and enable Kill Switch. Select Return HTML under Action
and upload a maintenance page in HTML format.
{{toggleBillingText}}
Threat Mitigation
Q. How to stop malicious bots from exploiting my website?
Click Bot Manager on the side panel, configure a bot manager rule, and apply it to your website.
Q. What to do when the website is still tampered with after enabling all protections?
{{toggleCustomerSupportText}}
Monitoring and Analytics
Q. How to check the analysis of malicious request attacks?
Go to Analytics > Threat Investigation. You can search, view and analyse all the malicious requests visiting your website.
Q. How to whitelist a verified social media bot that helps to monitor my brand mentions?
Contact the Conversant sales team to add the social media bot as a verified bot.
{{toggleCustomerSupportText}}
Troubleshooting
Q. How do I troubleshoot if the analytics are not visible after the website has generated requests?
Check the configuration of the DNS record to ensure the DNS record being pointed to the Conversant CNAME domain.
Q. How do I troubleshoot if the analytics are not visible after the malicious requests are sent to the protected website?
Please check whether the Protection Mode for the particular website is configured to Monitor or By-pass.
Q. How do I troubleshoot if malicious requests can still go through after the Protection Mode is configured to Block?
Ensure that the WAF Protection Policy is enabled for the website under AI-WAF > General Protection.
Q. How do I troubleshoot if the IP address is not visible in requests under Analytics?
Multiple methods can be used to capture the remote user IP (Settings > Websites > Advanced Protection). Choose the method that aligns with your system design.
Q. How do I troubleshoot if receiving a 400 status code when visiting the protected website?
Check if the Kill Switch (under Emergency Mitigation) has been accidentally enabled. If not, check Analytics > Threat Investigation to analyse the error code.
