Supported WAFs

​

WAF detection table

​

Detection indicators by WAF

​

ArvanCloud

• Detection method: HTTP header matching
• Key indicator: Server header contains “ArvanCloud”
• Source: src/detectors/arvancloud.rs:13

​

ASPA

• Detection method: HTTP header matching
• Key indicator: Server header contains “ASPA”
• Source: src/detectors/aspa.rs

​

Astra

• Detection method: HTTP header and body pattern matching
• Key indicators: Astra-specific headers and body content
• Source: src/detectors/astra.rs

​

Barracuda

• Detection method: Response body matching with status code check
• Key indicators: Body contains “Barracuda Networks” AND 404 status
• Source: src/detectors/barracuda.rs:13

​

Check Point Application Security

• Detection method: HTTP header matching
• Key indicators: Check Point-specific response headers
• Source: src/detectors/checkpoint.rs

​

Cloudflare

• Detection method: Response body matching with status code check
• Key indicators: Body contains “Sorry, you have been blocked” AND “Cloudflare Ray ID” AND 403 status
• Source: src/detectors/cloudflare.rs:13

​

Cloudfront

• Detection method: HTTP header matching
• Key indicators: AWS CloudFront-specific headers (e.g., X-Amz-Cf-Id)
• Source: src/detectors/cloudfront.rs

​

Datadome

• Detection method: HTTP header presence
• Key indicator: X-Datadome header exists
• Source: src/detectors/datadome.rs:13

​

DotDefender

• Detection method: HTTP header and body pattern matching
• Key indicators: DotDefender-specific response patterns
• Source: src/detectors/dotdefender.rs

​

FortiWeb

• Detection method: Response body matching with regex
• Key indicators: Body contains <h2 class="fgd_icon">block</h2> AND matches Attack ID pattern
• Source: src/detectors/fortiweb.rs:19

​

Front Door (Azure)

• Detection method: HTTP header matching
• Key indicators: Azure Front Door-specific headers
• Source: src/detectors/frontdoor.rs

​

Incapsula

• Detection method: Cookie-based detection
• Key indicators: Set-Cookie header contains “incap_ses” or “visid_incap”
• Source: src/detectors/incapsula.rs:13

​

Janusec

• Detection method: HTTP header and body pattern matching
• Key indicators: Janusec-specific response patterns
• Source: src/detectors/janusec.rs

​

Kona Site Defender

• Detection method: HTTP header matching
• Key indicators: Akamai-specific headers
• Source: src/detectors/kona.rs

​

NexusGuard

• Detection method: HTTP header and body pattern matching
• Key indicators: NexusGuard-specific response patterns
• Source: src/detectors/nexusguard.rs

​

Radware

• Detection method: HTTP header and body pattern matching
• Key indicators: Radware-specific response patterns
• Source: src/detectors/radware.rs

​

SafeLine

• Detection method: HTTP header and body pattern matching
• Key indicators: SafeLine-specific response patterns
• Source: src/detectors/safeline.rs

​

Sucuri

• Detection method: HTTP header and body pattern matching
• Key indicators: Sucuri-specific response patterns
• Source: src/detectors/sucuri.rs

​

Wordfence

• Detection method: HTTP header and body pattern matching
• Key indicators: Wordfence-specific response patterns
• Source: src/detectors/wordfence.rs

​

Zenedge

• Detection method: HTTP header and body pattern matching
• Key indicators: Zenedge-specific response patterns
• Source: src/detectors/zenedge.rs

​

Programmatic access

use whatwaf::list_detectors;

let detectors = list_detectors();
for detector in detectors {
    println!("Supported WAF: {}", detector);
}