Protect

What is Core Rule Set and why is it required?

The Core Rule Set (CRS) is a set of defense rules that provides protection from unknown vulnerabilities often found in web applications, protects against attacks that exploit the web server or operating system, and mitigates the impact of malicious traffic (DoS).

CRS provides protections for the following attack/threat categories:

  • HTTP/S Protocol Protection

  • Real-time Blacklist Lookups

  • HTTP/S Denial of Service Protections

  • Generic Web Attack Protection

  • Error Detection and Hiding

What is a custom rule and why is it required?

Penetration testing highlights several business logic vulnerabilities that are exclusive to your applications and are not protected by default WAF rules. We create custom WAF rules to block these types of attacks. This means that your applications are protected even against zero-day and other advanced attacks.

My website has already been attacked, how can you help?

Once you configure the website with Total Application Security and run the first scan, we will look for vulnerabilities that were used to attack your website. The Web Application Firewall will promptly block these attacks, including application-layer DDoS.

I see DDoS with high numbers, am I still protected?

Yes, Indusface Total Application Security not only reports application layer DDoS attacks but also blocks them.

How do I know if there is a DDoS attack in progress?

Under the Summary tab, the DDoS Attacks Blocked widget shows the number of DDoS attacks blocked. If a DDoS attack is in progress:

  1. Your website and transactions on your website become slower.

  2. CPU usage will be high.

  3. Physical memory usage will be high.

  4. Some pages or services become unavailable.

  5. Users will not be able to log in.

What is IP Reputation?

IP Reputation tells whether the attacking IP is good or bad. Many resources (e.g., honeypots) track the behavior of IPs and create IP reputation lists.

Harvester:

A harvester is a computer program that surfs the internet looking for email addresses.

Comment Spammer:

Comment spammers post comments to blogs and forums that typically include links to sites being promoted by the comment spammer.

Suspicious:

IPs are labeled as Suspicious if their behavior is consistent with that of a malicious robot.

Search Engine:

A program that searches for and identifies items in a database, such as Google, Yahoo, MSN, etc.

How can I block rogue IPs and countries?

  1. Click the Protect tab.

  2. In the Attacks By IP table, find the IP and country that need to be blocked and click Details for the respective IP. A pop-up window will display the IP and country name.

  3. Click Blacklist IP and Blacklist Country on the top right side of the page to block the rogue IP and country.

Or

  1. Click the icon to navigate to the Settings page.

  2. Add the rogue IPs and countries under IPs Blacklisted and Country Blacklisted.

How can I see attack vector details?

  1. Click the Protect tab.

  2. In the Attacks By IP/Category/URI table, click Details. A pop-up window appears.

  3. Click Details to view the attack vectors.

How can I whitelist a URI?

  1. Click the Protect tab.

  2. In the Attacks By URI table, find the URI that needs to be whitelisted and click Details for the respective URI. A pop-up window will appear.

  3. Click Whitelist URI at the top.
