Your website WAF can be accessed by clicking on the security link in your domain dashboard.


The Threats tab shows you all the events picked up by the WAF or any configured blocklists.

waf threats

Requests blocked by a WAF rule have a symbol which can be clicked to show which rules triggered the event.

waf threat detail

When viewing the WAF event detail you may choose to disable the triggered rule for future visitors.

Access Lists

The Access Lists tab provides you with control over who has access to your website based on IP or country code.

waf access

Preset block lists

Peakhour provides users with access to a set of high quality (free and commercial) third party ip reputation blocklists. These include:

Enable none or all to protect your site.


You have the ability to blacklist/whitelist individual IP addresses, eg or an IP range, eg or even an entire country by country code, eg cn



Blocking Mode

The WAF may be set to three modes:

Available rulesets

Peakhour provides three best of breed rulesets for use with your website. Configure none, one or all of them for maximum protection.

TODO - virtual patching, best practice