Context
Wafris v2 and above firewalls can be deployed in one of two operational modes: Managed or Standalone. Which mode you choose directly impacts many aspects of your deployment, including how you deploy, manage, and monitor your WAF.
Client Controlled
Each Wafris client instance (e.g. a web server, framework or platform with a deployed Wafris module) controls what operational mode is being used. In most cases, the
Features Mode Table
Feature | Managed Mode | Standalone Mode |
---|---|---|
Firewall Configuration | Distributed from Wafris Hub | Locally configured |
Request Reporting | Real-time reports available | No reporting |
Rule Setting | Sync’d from Wafris Hub | Locally set |
Monitoring and Alerts | Real-time monitoring and alerts | No monitoring or alerts |
Data Subscriptions | Geo IP and IP reputation data | No data subscriptions |
Standalone Mode
Standalone mode separates the on-server firewall blocking from the request reporting, rule setting, monitoring/alerting, and data subscription features that are available in Managed mode.
Conceptually, you’re setting rules by modifying the entries in a SQLite DB, which is then deployed alongside your application. The core SQLite DB, even with thousands of rules set, is smaller than most images on your site, making it easy and practical to keep in version control.
To enable standalone mode, refer to the directions in your specific Wafris client documentation.
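The idea of rules living in a SQLite file that ships with the application, shown as an added example that is not Wafris code. The `blocked_ranges` table, its columns and the function names are hypothetical, because this page does not describe the real Wafris database schema; the addresses are constructed sample values.

```python
import ipaddress
import pathlib
import sqlite3

# Hypothetical schema: this page does not describe the real Wafris rule tables.
SCHEMA = """
CREATE TABLE blocked_ranges (
    version  INTEGER NOT NULL,  -- 4 or 6
    start_ip BLOB    NOT NULL,  -- first address, big-endian bytes
    end_ip   BLOB    NOT NULL,  -- last address, big-endian bytes
    note     TEXT
);
CREATE INDEX idx_blocked ON blocked_ranges (version, start_ip);
"""

def build_rules_db(path, rules):
    """Write (cidr, note) pairs into a new rules file at build time."""
    conn = sqlite3.connect(path)
    conn.executescript(SCHEMA)
    for cidr, note in rules:
        net = ipaddress.ip_network(cidr, strict=False)
        conn.execute(
            "INSERT INTO blocked_ranges VALUES (?, ?, ?, ?)",
            (net.version, net.network_address.packed,
             net.broadcast_address.packed, note))
    conn.commit()
    conn.close()

def open_rules_readonly(path):
    """Open the shipped file read-only so the running app cannot alter rules."""
    uri = pathlib.Path(path).resolve().as_uri() + "?mode=ro"
    return sqlite3.connect(uri, uri=True)

def is_blocked(conn, client_ip):
    """True if client_ip is inside a stored range; ValueError if unparseable."""
    addr = ipaddress.ip_address(client_ip)
    # Dual-stack listeners report IPv4 clients as ::ffff:a.b.c.d; use IPv4 rules.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    row = conn.execute(
        "SELECT 1 FROM blocked_ranges"
        " WHERE version = ? AND start_ip <= ? AND end_ip >= ? LIMIT 1",
        (addr.version, addr.packed, addr.packed)).fetchone()
    return row is not None

# Constructed sample rules using documentation-reserved address ranges.
SAMPLE_RULES = [("203.0.113.0/24", "constructed example range"),
                ("2001:db8:bad::/48", "constructed example range")]
```

Because the rules file is built once and opened read-only at runtime, a rule change is an ordinary reviewed commit followed by a redeploy.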
Managed Mode
Managed Wafris WAFs communicate with Wafris Hub to enable:
- The distribution of firewall configuration rules from Hub to WAF instances.
- The collection of telemetry request data from the WAF instances.
This is the default operational mode for Wafris WAFs.
Request Reporting
Request data sent to Hub from Wafris WAFs is directly transformed into reports covering the most recent time period.
Setting Rules
Rules set from within Wafris Hub are sync’d to Wafris WAFs in seconds.
Monitoring and Alerts
Usage alerts and real-time monitoring are available for Managed WAFs.
Data Subscriptions
Geo IP data and IP reputation data are constantly being updated and distributed to Managed WAFs. Standalone WAFs (by definition) aren’t updated with this data and can’t take advantage of either feature.