Feature
Require authentication for non-GET REST requests (POST/PUT/PATCH/DELETE) unless allowlisted
Description
Require auth for write methods.
How it works
AegisWAF applies this capability inside the API Shield module. The engine evaluates configuration, applies matching (path/method/tokens/counters/providers), then records evidence into the event log and executes the configured enforcement action when conditions are met.
How to access / Enable or disable
- Access: AegisWAF → API Shield
- Enable/Disable: Use the module toggle/switch on this screen (or the relevant category toggle) to enable/disable.
Recommended setting
Start conservative (LOG or Challenge) for new deployments; tighten to Block once you confirm low false positives.