Skip to main content

Documentation Index

Fetch the complete documentation index at: https://docs.bunny.net/llms.txt

Use this file to discover all available pages before exploring further.

The Bunny Shield WAF inspects HTTP traffic in real time to block common attacks like SQL injection, cross-site scripting, and the rest of the OWASP Top 10. The managed ruleset works on its own, or you can layer custom rules on top to cover threats specific to your application.

Key Features

  • Automatic Threat Detection: Bunny Shield’s WAF automatically identifies and blocks prevalent attacks such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). By detecting malicious patterns in incoming requests, it prevents attackers from exploiting vulnerabilities in your application.
  • Customizable Security Rules: The WAF allows you to tailor security measures to your specific needs by configuring custom security rules. This flexibility enables you to address unique threats pertinent to your application, ensuring a higher level of protection.
  • Real-Time Monitoring: With real-time logs and security events, you gain complete visibility into your application’s security status. Monitoring blocked and allowed traffic helps you stay informed about potential threats and respond promptly to any suspicious activities.
  • Flexible API: Manage your WAF configuration programmatically through the REST API, so it slots into your existing workflows and automation.
  • Low Latency Protection: WAF checks run at the edge with minimal overhead, so security measures don’t add noticeable delay to user requests.

WAF Rules and Policies

Understanding Predefined Rules

Bunny Shield’s WAF comes with a set of predefined rules that cover most common security vulnerabilities, including:
  • SQL Injection Protection: Detects and blocks SQL injection attempts in query parameters and forms.
  • XSS (Cross-Site Scripting): Identifies and prevents attempts to execute JavaScript or HTML in user-generated content.
  • Remote File Inclusion (RFI): Blocks attempts to include files from remote servers in your web application.
  • OWASP Top 10: We protect against all current known OWASP threats.
These rules are regularly updated to stay ahead of emerging threats, ensuring your application remains protected against the latest vulnerabilities..

Reducing false positives on API traffic

Predefined rules are tuned for general web traffic and can flag API requests where structured payloads, JWTs, or unusual content types resemble injection patterns. For APIs, API Guardian is usually a better fit than disabling individual rules: requests on paths declared in your OpenAPI specification are validated against the contract instead of being run through the predefined ruleset.

Configuring via API

You can utilize the Bunny Shield API to automate WAF configurations or integrate them into your continuous integration and continuous deployment (CI/CD) pipelines. This capability allows you to manage your security settings efficiently and consistently across different environments. You can access the full API reference documentation here.

Monitoring and Logging

WAF logs are essential for gaining insights into the traffic patterns and potential threats targeting your application. By analyzing these logs, you can identify unusual activity, monitor the effectiveness of your security measures, and make informed decisions about updating your rules. You can access detailed logs through the WAF Logging API by sending a GET request to the following endpoint: GET https://api.bunny.net/shield/event-logs/{{shieldZoneId}} Replace {{shieldZoneId}} with your Shield Zone ID. The response returns logs of blocked and allowed traffic that you can analyze further.

Best Practices

To maximize the effectiveness of Bunny Shield’s WAF, consider the following best practices:
  • Use Predefined Rules: Start with the predefined ruleset, which covers a broad range of common threats and is updated regularly.
  • Monitor and Review Logs: Regularly checking your WAF logs helps you stay informed about potential threats and unusual activity. By monitoring these logs, you can identify new threat patterns and adjust your security measures accordingly.
  • Regularly Update Rules: Cyber threats evolve rapidly. Keeping your custom rules up-to-date allows you to adapt to new vulnerabilities and attack vectors, ensuring ongoing protection for your application.