The following section discusses the differences between these two modes.
Detection only and enforcement are the two modes supported for a WAF policy in NSX Advanced Load Balancer. Every policy runs in one of these modes to evaluate the requests and responses.
| Detection Only | Enforcement | |
|---|---|---|
| Policy | Logs alerts during an attack, but no deny action is taken. | Rejects requests when a policy is matched and deny action is taken. |
| Operation | Evaluates the whole policy without stopping at the first rule hit. | Matches the first rule that rejects the request and implements the default action or returns a rule specific error code. |
| Log files | Contains the WAF log section where the policy violation was found and entries for every rule that is matched. | Contains specific WAF log section which has the first rule that rejected the request.
Note: This is to improve performance. If a request is already detected as an attack, further checks are not required.
|
| Response Code | 200 OK | Default is 403 Forbidden. This response code can be modified. |
