There was a problem loading the comments.

Astra Protection Modes

Support Portal  »  Knowledgebase  »  Viewing Article

  Print
  • 01/19/2022 11.10 AM

To get started customzing the Astra Protection mode, login to your Astra Dashboard

Once you're logged in, click on 'Dashboard' for the domain you wish to adjust settings for.

On the next screen, click the 'Settings' tab
Astra Dashboard Menu

We are going to cover 3 different options. The first is to disable the firewall without uninstalling the plugin from your website. The second is to use 'Monitor' or 'Blocking' mode. The third is to set the security level of the firewall.

 
Temporarily disable the firewall

If for any reason you want to temporarily disable the firewall, you can do so by following these steps once you're logged into the Astra Dashboard

1) Once you're on the Settings tab, scroll down to 'Astra Protection' and click the green button to the right.

Astra Protection Status

2) Choose 'On' or 'Off' depending on your needs


Make sure you turn the Firewall back on in order to ensure full protection!

Blocking vs. Monitoring

Choosing to monitor vs. blocking is very important when you first activate the firewall. When you first install Astra, you may wish to have the attacks logged and not blocked. This will allow you to see what the firewall would block and you can whitelist URLs and parameters accordingly. Once you're ready to activate the firewall full time, change from 'Blocking' to 'Monitoring'.

 

Make sure you setting to 'Blocking' in order to ensure full protection!



Astra Security Mode


Security Level


Security Level handles how quickly and aggressively you want Astra to block attackers. To find this setting, go to the Settings tab within your Astra Dashboard and scroll down until the see the Security Level section.

Explanation of Each Security Level Mode

High -
A “High” security level would mean that if there is even one attack performed from a single IP, the attacker’s IP gets blocked directly.
Medium
A “Medium” security level would mean that if there are 5-10 attacks that are performed from a single IP, the attacker’s IP gets blocked for 100-300 minutes.
Low -
A “Low” security level would mean that if there are 2-5 attacks from the IP, their IP gets blocked for 10-15 minutes.

The Security level decides the blocking duration. The Security
levels have a threshold impact score on the basis of which it identifies
and blocks threats. Each WAF rule also has an impact score attached to it.

For example, a basic SQL injection probing such as xyz.com?s=1’ has an impact score of 15, then in ‘low’ mode, the request may not be blocked, whereas in the ‘High’ mode an impact score of 15 is huge and the attacker’s IP gets blocked.

Astra Security Levels


Share via
Did you find this article useful?  

Related Articles

Categories

© Evolve Web Hosting, LLC