The following section discusses the differences between these two modes.
Detection only and enforcement are the two modes supported for a WAF policy in NSX Advanced Load Balancer. Every policy runs in one of these modes to evaluate the requests and responses.
|Policy||Logs alerts during an attack, but no deny action is taken.||Rejects requests when a policy is matched and deny action is taken.|
|Operation||Evaluates the whole policy without stopping at the first rule hit.||Matches the first rule that rejects the request and implements the default action or returns a rule specific error code.|
|Log files||Contains the WAF log section where the policy violation was found and entries for every rule that is matched.||
Contains specific WAF log section which has the first rule that rejected the request.
Note: This is to improve performance. If a request is already detected as an attack, further checks are not required.
|Response Code||200 OK||Default is 403 Forbidden. This response code can be modified.|