How to Set Up Web Application Firewall (WAF)

Option 1: Cloudflare WAF (Easiest)

# Point your domain to Cloudflare nameservers
# Enable WAF rules from Cloudflare dashboard

Option 2: ModSecurity (Self-hosted)

Follow the ModSecurity for Nginx or Apache guides separately.

Option 3: NAXSI for Nginx

sudo apt install nginx-naxsi

Basic WAF Rules to Implement

• Block SQL injection patterns
• Block XSS patterns
• Limit request rate
• Block known bad user agents