Peakhour integrates the OWASP Modsecurity core rule set.
This ruleset aims to protect against a wide range of attacks including the OWASP Top Ten with a minimum of false positives. This ruleset is recommended for all websites.
Inbound anomaly level#
Internally Owasp gives every incoming request a score to determine the action to take. The higher the score the more of a potential threat the request is. By setting the inbound anomaly level low you will make the firewall block more requests.
With each paranoia level increase, more rules are applied giving you a higher level of security. However, higher paranoia levels also increase the possibility of blocking some legitimate traffic due to false positives. If you use higher paranoia levels, it is recommended you first place the WAF in warning mode to enable you to disable rules that are generating false positives for your site.
- Level 1 - default core rules - you should face false positives rarely, and therefore it is recommended for all sites and applications
- Level 2 - core + xss, sqli and code injections - enables many regexp-based SQL and XSS injection protections, and adding extra keywords checked for code injections, this may generate some false positives you may have to deal with.
- Level 3 - enables more rules and keyword lists that cover less common attack. Level 3 is aimed at sites with high security requirements
- Level 4 - further restricts special characters. Level 4 is aimed at experienced users with very high security requirements.