Web Application Firewall (WAF) can be configured to run in 2 modes:
1. Detection mode:
- Monitors and logs potential threats
- Does not block incoming requests
- Useful for testing WAF rules and observing suspicious activity without disrupting traffic
In Detection mode, WAF for API custom security configuration only records alerts—it doesn’t interfere with request flow.
2. Prevention mode:
- Actively blocks intrusions and perceived attacks
- Returns a 403 Forbidden error to the attacker
- Closes the connection immediately
- Logs all blocked attempts in the WAF logs
Use Prevention mode to enforce security policies and protect APIs from malicious traffic.