Auto-profiles for tagging/reporting (when enabled)

Feature Auto-profiles for tagging/reporting (when enabled) Description Auto tagging/profiling. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the toggle on this screen to turn it ON or OFF, then click Save. Recommended setting Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

Add / Edit / Delete saved per-route rules

Feature Add / Edit / Delete saved per-route rules Description Manage per-route rules. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

Advanced Per-Route Controls (pattern | category | profile | per-method thresholds)

Feature Advanced Per-Route Controls (pattern | category | profile | per-method thresholds) Description Per-route advanced controls. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

REST allowlist (route prefix match; bypasses enforcement)

Feature REST allowlist (route prefix match; bypasses enforcement) Description Allowlist to bypass enforcement. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

REST window (seconds)

Feature REST window (seconds) Description Sliding window for REST thresholds. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

API key header enforcement (header name + expected value; blocks if missing/mismatch)

Feature API key header enforcement (header name + expected value; blocks if missing/mismatch) Description Static API key header validation. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Enable only for private/internal APIs; rotate keys and keep the header name unique.

CORS allowlist enforcement (Origin must match an allowlisted line)

Feature CORS allowlist enforcement (Origin must match an allowlisted line) Description Origin allowlist checks. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Allowlist only your known front-end origins; avoid wildcards in production.

Max REST body size (bytes) enforcement (413 if exceeded; 0 disables)

Feature Max REST body size (bytes) enforcement (413 if exceeded; 0 disables) Description Body size enforcement for REST. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Set a limit that fits your API use (e.g., 256KB–1MB). Use 0 only if absolutely necessary.

Require application/json Content-Type for REST requests with body (POST/PUT/PATCH)

Feature Require application/json Content-Type for REST requests with body (POST/PUT/PATCH) Description Enforce JSON content type for body. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

Require authentication for non-GET REST requests (POST/PUT/PATCH/DELETE) unless allowlisted

Feature Require authentication for non-GET REST requests (POST/PUT/PATCH/DELETE) unless allowlisted Description Require auth for write methods. How it works AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met. How to access / Enable or disable Access: AegisWAF → API Shield Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable. Recommended setting Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.

FAQs – Page 41 – Aegisify, Inc. – Free WordPress Security Audit and Scans with Agentic AI

Categories: AegisWAF
Auto-profiles for tagging/reporting (when enabled)
read more
Categories: AegisWAF
Add / Edit / Delete saved per-route rules
read more
Categories: AegisWAF
Advanced Per-Route Controls (pattern | category | profile | per-method thresholds)
read more
Categories: AegisWAF
REST allowlist (route prefix match; bypasses enforcement)
read more
Categories: AegisWAF
REST window (seconds)
read more
Categories: AegisWAF
API key header enforcement (header name + expected value; blocks if missing/mismatch)
read more
Categories: AegisWAF
CORS allowlist enforcement (Origin must match an allowlisted line)
read more
Categories: AegisWAF
Max REST body size (bytes) enforcement (413 if exceeded; 0 disables)
read more
Categories: AegisWAF
Require application/json Content-Type for REST requests with body (POST/PUT/PATCH)
read more
Categories: AegisWAF
Require authentication for non-GET REST requests (POST/PUT/PATCH/DELETE) unless allowlisted
read more

News & Events