I have 3 subdomains. I would like to enable OWASP on 1 particular subdomain. How can I achieve that?

If you’re on a paid plan, OWASP should be enabled for the entire zone by default. Is it?

If so, I don’t see a way to control it at the subdomain level, though, other than disabling the entire WAF for that subdomain using a Page Rule.


Do you know the default OWASP setting? Is it set as medium or high? Default block or challenge? And which rules are enabled by default in OWASP?

I suspect it’s Medium with a Challenge, as that’s what’s showing on mine. And I don’t recall ever changing it.

EDIT: Mine has all on, except for: PHPbb, Joomla, SQL Injection, and URI XSS. I probably turned the WordPress one on myself.

And are all rules enabled by default? Or are some disabled?

Does anyone know the default for OWASP rules: which are on and which are off by default?

And 1 more thing I need help with. Does anyone have any block in the firewall log using OWASP in the last 1 month? I wonder if OWASP is working for anyone.

