Managed rules overview

Benefits

Managed rules provide the following benefits over the previous WAF version:

New matching engine

Managed rules use the ruleset engine, which allows faster managed rule deployments so that you can check more traffic without scaling issues, while improving performance and security. The rules follow the same syntax that is used in other CIS security features such as WAF custom rules.

Updated managed rulesets

The OWASP core ruleset is based on the latest version (v3.x), which adds paranoia levels and improves false positives rates compared to the version used in WAF managed rules (2.x). You also have more control over the sensitivity score, with a clear indication of how much each rule contributes to the score and what the total score of a triggered request was. The updated rulesets also provide better controls to separate rule status from rule action, which makes it easier to configure both, independently.

Better rule browsing and configuration

The default configuration of Managed rules has a low false positive rate while providing a food security baseline for your web applications. For the best possible security, enable as many rules as possible. You might need to customize the ruleset behavior based on the underlying application. Bulk editing controls in addition to inline single rule controls contribute to faster configuration changes based on specific use cases.

Rulesets

These managed rulesets are regularly updated. You can adjust the behavior of specific rules in these rulesets, choosing from several possible actions.