Your website WAF can be accessed by clicking on the security link in your domain dashboard.
The Threats tab shows you all the events picked up by the WAF or any configured blocklists.
Requests blocked by a WAF rule have a symbol which can be clicked to show which rules triggered the event.
When viewing the WAF event detail you may choose to disable the triggered rule for future visitors.
The Access Lists tab provides you with control over who has access to your website based on IP or country code.
Peakhour provides users with access to a set of high quality (free and commercial) third party ip reputation blocklists. These include:
Enable none or all to protect your site.
You have the ability to blacklist/whitelist individual IP addresses, eg 22.214.171.124 or an IP range, eg 126.96.36.199/24 or even an entire country by country code, eg cn
The WAF may be set to three modes:
Peakhour provides three best of breed rulesets for use with your website. Configure none, one or all of them for maximum protection.
TODO - virtual patching, best practice