WAF can be configured to run in the following 2 modes for an API:

  1. Detection mode: Monitors and logs any threat alerts. WAF for API custom security configuration doesn't block incoming requests when in Detection mode.

  2. Prevention mode: Blocks any intrusions and perceived attacks that the WAF rules detect. This mode will give an attacker a 403 Forbidden error, and close the connection. Prevention mode records any such attacks in the WAF logs.