The following section discusses the differences between these two modes.

Detection only and enforcement are the two modes supported for a WAF policy in NSX Advanced Load Balancer. Every policy runs in one of these modes to evaluate the requests and responses.

| | Detection Only | Enforcement |
|---|---|---|
| Policy | Logs alerts during an attack, but no deny action is taken. | Rejects requests when a policy is matched and deny action is taken. |
| Operation | Evaluates the whole policy without stopping at the first rule hit. | Matches the first rule that rejects the request and implements the default action or returns a rule-specific error code. |
| Log files | Contains the WAF log section where the policy violation was found and entries for every rule that is matched. | Contains the specific WAF log section that has the first rule that rejected the request. Note: This is to improve performance. If a request is already detected as an attack, further checks are not required. |
| Response Code | 200 OK | Default is 403 Forbidden. This response code can be modified. |
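
The sketch below models the evaluation behavior in the comparison above, so you can see why a detection-only log lists every matched rule while an enforcement log lists only the first rejecting one. It is an added example, not NSX Advanced Load Balancer code: the `Rule` class, the rule IDs, the regex patterns, the mode strings and the sample URI are all constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional


@dataclass
class Rule:
    rule_id: str                  # hypothetical identifier, not a real rule ID
    pattern: str                  # regex applied to the request URI
    status: Optional[int] = None  # rule-specific error code, if one is set


# Constructed rules, evaluated in list order.
RULES = [
    Rule("rule-a", r"(?i)<script"),
    Rule("rule-b", r"\.\./", status=400),
    Rule("rule-c", r"(?i)union\s+select"),
]

# Constructed request URI that matches rule-b and rule-c.
SAMPLE_URI = "/item?path=../x&q=1 UNION SELECT 2"


def evaluate(uri, rules, mode, default_status=403):
    """Return (response_code, logged_rule_ids) for one request.

    mode is "detection" or "enforcement" (names assumed for this sketch).
    A code of 200 stands for "request was not denied by the WAF".
    """
    logged = []
    for rule in rules:
        if not re.search(rule.pattern, uri):
            continue
        logged.append(rule.rule_id)
        if mode == "enforcement":
            # The first rejecting rule ends evaluation; later rules never
            # run, so they cannot appear in the log for this request.
            return (rule.status or default_status), logged
    # Detection only (or no match): the whole policy was evaluated and
    # every matched rule is logged, but nothing is denied.
    return 200, logged


if __name__ == "__main__":
    for mode in ("detection", "enforcement"):
        print(mode, evaluate(SAMPLE_URI, RULES, mode))
```

When tuning a policy, this difference means a detection-only log is the complete picture of what a request triggers, whereas an enforcement log can hide later rules that would also have matched.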