Sudun WAF protects your web applications from common vulnerabilities and attacks. Our managed rulesets block SQL injection, cross-site scripting (XSS), and other OWASP Top 10 threats.
Request → WAF Inspection → Rule Matching
│
┌──────────┴──────────┐
│ │
Match Found No Match
│ │
Action Taken → Origin Server
| Category | Protection |
|---|---|
| SQL Injection | Query pattern detection |
| XSS | Script injection blocking |
| LFI/RFI | File inclusion prevention |
| RCE | Command injection blocking |
{
"waf": {
"mode": "detection",
"log_matches": true
}
}
{
"waf": {
"mode": "prevention",
"block_action": "block"
}
}
| Level | Description |
|---|---|
| low | Fewer false positives |
| medium | Balanced (recommended) |
| high | Stricter detection |
{
"rule": {
"name": "Block Admin Access",
"expression": "http.request.uri.path contains \"/admin\"",
"action": "block"
}
}
Skip WAF for specific paths:
{
"exceptions": {
"paths": ["/api/webhook", "/health"]
}
}
curl -X GET https://api.Sudun.com/v1/domains/{domain}/waf \
-H "Authorization: Bearer YOUR_API_KEY"
curl -X PUT https://api.Sudun.com/v1/domains/{domain}/waf \
-H "Authorization: Bearer YOUR_API_KEY" \
-d '{"mode": "prevention"}'
Need help? Contact support@Sudun.com