Your website WAF can be accessed by clicking on the security link in your domain dashboard.


The Threats tab shows you all the events picked up by the WAF or any configured blocklists.

waf threats

Requests blocked by a WAF rule have a symbol which can be clicked to show which rules triggered the event.

waf threat detail

When viewing the WAF event detail you may choose to disable the triggered rule for future visitors.

Access Lists#

The Access Lists tab provides you with control over who has access to your website based on IP or country code.

waf access

Reputation lists#

Peakhour provides users with access to a set of high quality ip reputation blocklists. These include:

  • IPs with a poor reputation
  • Computers infected with malware
  • Active attackers
  • Robots and web scrapers
  • Bruteforcing
  • Forum and comment spammers
  • TOR anonymous users
  • Anonymous proxies
  • Uncategorised potentially malicious IPs

Enable none or all to protect your site.


You have the ability to blacklist/whitelist individual IP addresses, eg or an IP range, eg or even an entire country by country code, eg CN.



Blocking Mode#

The WAF may be set to three modes:

  • Disable - turn it off
  • Warn - do not block any visitors but generate events to indicate who would be blocked
  • Enabled - block visitors that match your configured rules

Available rulesets#

Peakhour provides two best of breed rulesets for use with your website.

  • Owasp
  • Atomicorp