To get started customizing the Astra Protection mode, log in to your Astra Dashboard.
Once you're logged in, click on 'Dashboard' for the domain you wish to adjust settings for.
On the next screen, click the 'Settings' tab.
We are going to cover 3 different options. The first is to disable the firewall without uninstalling the plugin from your website. The second is to use 'Monitor' or 'Blocking' mode. The third is to set the security level of the firewall.
If for any reason you want to temporarily disable the firewall, you can do so by following these steps once you're logged into the Astra Dashboard:
1) Once you're on the Settings tab, scroll down to 'Astra Protection' and click the green button to the right.
2) Choose 'On' or 'Off' depending on your needs.
Make sure you turn the Firewall back on in order to ensure full protection!
Choosing between monitoring and blocking is very important when you first activate the firewall. When you first install Astra, you may wish to have the attacks logged and not blocked. This will allow you to see what the firewall would block, so you can whitelist URLs and parameters accordingly. Once you're ready to activate the firewall full time, change from 'Monitoring' to 'Blocking'.
Make sure you set the mode to 'Blocking' in order to ensure full protection!
Security Level handles how quickly and aggressively you want Astra to block attackers. To find this setting, go to the Settings tab within your Astra Dashboard and scroll down until you see the Security Level section.
A “High” security level would mean that if there is even one attack performed from a single IP, the attacker’s IP gets blocked directly.
A “Medium” security level would mean that if there are 5-10 attacks that are performed from a single IP, the attacker’s IP gets blocked for 100-300 minutes.
A “Low” security level would mean that if there are 2-5 attacks from the IP, their IP gets blocked for 10-15 minutes.
The Security level decides the blocking duration. Each Security level has a threshold impact score, on the basis of which it identifies and blocks threats. Each WAF rule also has an impact score attached to it.
For example, if a basic SQL injection probe such as xyz.com?s=1' has an impact score of 15, then in 'Low' mode the request may not be blocked, whereas in 'High' mode an impact score of 15 is huge and the attacker's IP gets blocked.
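The interaction between mode and Security Level described above can be modelled in a few lines. This is an added example, not Astra's code: it replays the same traffic in monitoring and blocking mode so you can see what a level would block before enforcing it. The thresholds, the 300-minute 'High' duration, the per-IP score accumulation and the sample traffic are constructed assumptions; the 15 and 100 minute durations are taken from the ranges given above.

```python
from dataclasses import dataclass, field

# Constructed values for illustration only; Astra's real thresholds are not given on this page.
LEVELS = {  # level -> (cumulative impact-score threshold per IP, block duration in minutes)
    "low": (45, 15),
    "medium": (90, 100),
    "high": (15, 300),
}

@dataclass
class Firewall:
    level: str = "medium"
    mode: str = "monitor"  # "monitor" only logs, "blocking" enforces
    scores: dict = field(default_factory=dict)         # ip -> cumulative impact score
    blocked_until: dict = field(default_factory=dict)  # ip -> minute the block ends
    log: list = field(default_factory=list)            # (minute, ip, action) entries

    def handle(self, ip, impact, now):
        """Return 'allow', 'would_block' or 'block' for one request at minute `now`."""
        if self.blocked_until.get(ip, 0) > now:
            return "block"  # IP is still inside an active block window
        threshold, minutes = LEVELS[self.level]
        self.scores[ip] = self.scores.get(ip, 0) + impact
        if self.scores[ip] < threshold:
            return "allow"
        self.scores[ip] = 0  # threshold reached: reset the counter and act
        if self.mode == "monitor":
            self.log.append((now, ip, "would_block"))
            return "would_block"  # logged for review, request still served
        self.blocked_until[ip] = now + minutes
        self.log.append((now, ip, "block"))
        return "block"

def replay(level, mode, requests):
    """Run (minute, ip, impact) tuples through a fresh firewall and list the decisions."""
    fw = Firewall(level=level, mode=mode)
    return [fw.handle(ip, impact, now) for now, ip, impact in requests]

# Constructed traffic: (minute, source IP, impact score of the matched rule; 0 = clean request)
SAMPLE = [(0, "203.0.113.7", 15), (1, "198.51.100.2", 0), (2, "203.0.113.7", 15),
          (3, "203.0.113.7", 15), (4, "203.0.113.7", 0), (30, "203.0.113.7", 0)]

if __name__ == "__main__":
    for level in LEVELS:
        for mode in ("monitor", "blocking"):
            print(f"{level:6} {mode:8} {replay(level, mode, SAMPLE)}")
```

Comparing the 'monitor' and 'blocking' rows for one level shows which legitimate requests (the zero-score entries) would be caught by an IP block once enforcement is switched on.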