Set Up and Maintain Your Salesforce Organization

          WAF Firewall Managed Ruleset Control

          Control Name

          WAF Firewall Managed Ruleset

          Recommended Configuration

          In Salesforce CDN Settings, enable WAF Firewall Managed Ruleset.

          Control Overview

          This control activates a pre-configured layer of security rules within the Salesforce Content Delivery Network (CDN) to inspect incoming web traffic and block common malicious patterns before they reach your site.

          Security Risk If Not Configured

          Without an active WAF, your Experience Cloud site is directly exposed to automated attacks, such as SQL injection and cross-site scripting, which aim to exploit vulnerabilities in web code to steal data or disrupt services.

          Threat Scenarios

          An attacker uses an automated botnet to launch a Distributed Denial of Service (DDoS) attack or a "credential stuffing" campaign, overwhelming your portal and potentially gaining unauthorized access through sheer volume.

          Estimated CVSS Score Range

          Critical (9.0–10.0).

          Risk Impact Considerations

          The absence of a WAF leads to increased downtime, potential data breaches, and higher resource consumption, as the Salesforce platform must process malicious traffic that could have been blocked at the edge.

          Higher Risk When

          Public-facing portals handle sensitive customer data or financial transactions, as these sites are primary targets for global hacking groups and automated vulnerability scanners.

          Low Risk When

          The site is purely informational with no authenticated login, or the company uses a third-party, enterprise-grade edge security provider to filter traffic before it reaches Salesforce.

          Business and Integration Considerations

          Implementing the managed ruleset may require monitoring to make sure that legitimate users aren’t blocked by security signatures that misidentify their traffic as a threat.

          Recommended Remediation

          Go to Experience Workspaces > Administration > Emails, select External Services, and within the CDN Settings, enable the WAF Managed Ruleset.

          Security Health Review Guidance

          Security Health Review identifies the WAF Managed Ruleset as a perimeter defense layer that acts at the entry point of the network, requiring its use to provide a proactive shield against the changing variety of web-based threats and automated exploits.

           