Step 4: Explore the Dashboard
With your DNS configured and traffic flowing through PowerWAF, the dashboard becomes your central hub for monitoring and managing your website's security. This section gives you an overview of the dashboard and the key features you should configure next.
Dashboard Overview​
The dashboard provides real-time visibility into your website's traffic and security status.
Summary Cards​
At the top of the dashboard, you will find summary cards showing key metrics for the last 24 hours:
| Metric | Description |
|---|---|
| Total Requests | Total number of HTTP requests processed |
| Blocked Attacks | Number of malicious requests blocked by the WAF |
| Bandwidth | Total bandwidth consumed |
| Active Sites | Number of sites currently protected |
Traffic Charts​
The middle section displays interactive charts:
- Throughput: Bandwidth over time (line chart).
- Hits: Request count trends (bar chart).
- Daily Blocked Attacks: Attacks blocked per day (stacked bar chart).
- Attack Origin Map: Geographic visualization of attack sources.
- Top Triggered Rules: Most frequently triggered WAF rules.
Plan Details​
On the right sidebar, you can see your current plan information, usage against limits, and an option to upgrade if needed.
Key Features to Configure​
After completing the initial setup, these are the features you should review and configure:
WAF Rules​
Navigate to WAF Configuration in the left sidebar. The WAF comes with pre-configured rule sets to protect against common attacks:
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Remote Code Execution (RCE)
- Local/Remote File Inclusion (LFI/RFI)
Each rule category can be individually enabled or disabled. By default, all rules are enabled. If a legitimate request is being blocked, you can disable specific rules to fine-tune protection.
Start with all rules enabled and only disable specific rules if you encounter false positives. Check the Events Log to identify which rule is triggering.
SSL Certificates​
Navigate to SSL Certificates to manage HTTPS for your sites:
- Let's Encrypt: Automatically issues and renews free SSL certificates.
- Custom Certificate: Upload your own PEM certificate and private key.
If you are using Full DNS mode, PowerWAF can automatically provision Let's Encrypt certificates for your domains once the nameserver change is propagated.
IP Access Control​
Navigate to IP Access Control to manage IP-based allow/block lists:
- Whitelist: Only allow traffic from specific IP addresses or CIDR ranges.
- Blacklist: Block traffic from specific IP addresses or CIDR ranges.
This is useful for blocking known malicious IPs or restricting access to staging environments.
Security Events Log​
Navigate to Events Log under the Security section to view all blocked attacks in detail:
- Filter by date range, site, rule type, and country.
- View detailed information for each event: source IP, country, triggered rule, and request details.
- Export to CSV for further analysis.
Team Management​
If you work with a team, navigate to Team Management to invite collaborators:
- Owner: Full access (auto-assigned to the account creator).
- Admin: Full access except team deletion.
- Editor: Can view and edit configurations but cannot create or delete resources.
- Read-only: View-only access to all sections.
For detailed information, see the Team Management documentation.
What's Next?​
Your site is now protected by PowerWAF. Here is a summary of recommended next steps:
- Monitor the Dashboard for the first few hours to verify that traffic is flowing correctly and no legitimate requests are being blocked.
- Review the Events Log to check for any false positives and fine-tune WAF rules as needed.
- Configure SSL certificates if you haven't already, to ensure all traffic is encrypted.
- Set up IP access rules if you need to restrict access to specific environments.
- Invite your team to collaborate on security management.
If you encounter any issues or need assistance, visit the Helpdesk section in the panel to create a support ticket. Our team is ready to help.
You have completed the Getting Started guide. Your website is now protected by PowerWAF's Web Application Firewall and accelerated by its CDN. Welcome aboard!