Your API is only as secure as its weakest endpoint. This guide shows how to configure WAF Basic to protect against the OWASP Top 10.

Enable WAF for your domain

nexatech waf enable --domain api.example.com --plan waf-basic

Configure rules

WAF Basic comes with managed rule groups. Enable the ones relevant to your stack:

nexatech waf rules enable \
  --group owasp-top-10 \
  --group sql-injection \
  --group xss-protection \
  --group path-traversal

Custom rules

Add a custom rule to rate-limit your login endpoint; clients that exceed the limit are challenged with a CAPTCHA instead of being hard-blocked:

nexatech waf rule add \
  --name rate-limit-login \
  --match "path:/api/auth/login" \
  --action rate_limit:10req/min \
  --block-action captcha

Testing your rules

Use the WAF simulator to test rules without blocking real traffic:

nexatech waf simulate --payload "SELECT * FROM users WHERE 1=1"
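To make the custom rule and the simulator concrete, here is an added worked example that is not part of this guide and not nexatech's code. It is a small local model of what the commands above configure: a handful of constructed signatures standing in for the sql-injection, xss-protection and path-traversal managed groups (the owasp-top-10 umbrella group is not modelled), a sliding-window rate limit on /api/auth/login that returns a captcha action above 10 requests per minute per client, and a simulate flag that reports the decision without enforcing it or advancing the rate-limit counters. All names, signatures and sample requests are assumptions made for the example.

```python
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field

# Constructed, illustrative signatures standing in for managed rule groups.
# They are NOT nexatech's rule content; real managed groups are far larger and tuned.
MANAGED_GROUPS = {
    "sql-injection": [
        re.compile(r"(?i)\bunion\b.+\bselect\b"),                   # UNION SELECT
        re.compile(r"(?i)\b(or|where|and)\b\s+(\d+)\s*=\s*\2\b"),   # tautology, e.g. 1=1
        re.compile(r"(?i)'\s*or\s*'"),                              # quote-based boolean
    ],
    "xss-protection": [
        re.compile(r"(?i)<\s*script\b"),
        re.compile(r"(?i)\bon(error|load|click|mouseover)\s*="),    # inline handler
        re.compile(r"(?i)javascript:"),
    ],
    "path-traversal": [
        re.compile(r"\.\.[/\\]"),
        re.compile(r"(?i)%2e%2e(%2f|%5c|[/\\])"),                   # URL-encoded ../
    ],
}


@dataclass
class Request:
    client_ip: str
    path: str
    body: str = ""
    ts: float = field(default_factory=time.time)   # seconds


@dataclass
class RateLimitRule:
    """Models: --match path:<path> --action rate_limit:<limit>req/<window> --block-action <action>."""
    name: str
    path: str
    limit: int
    window_seconds: float = 60.0
    block_action: str = "captcha"


class WafSimulator:
    def __init__(self, enabled_groups, custom_rules):
        unknown = set(enabled_groups) - MANAGED_GROUPS.keys()
        if unknown:
            raise ValueError(f"unknown managed group(s): {sorted(unknown)}")
        self.groups = {g: MANAGED_GROUPS[g] for g in enabled_groups}
        self.custom_rules = list(custom_rules)
        # (rule name, client ip) -> timestamps of requests inside the sliding window
        self._hits = defaultdict(deque)

    def _match_managed(self, req):
        surface = f"{req.path}\n{req.body}"      # inspect path and body together
        for group, patterns in self.groups.items():
            for pat in patterns:
                if pat.search(surface):
                    return group, pat.pattern
        return None

    def evaluate(self, req, simulate=False):
        """Return {"action", "rule", "detail", "enforced"}.
        simulate=True reports the decision but enforces nothing and records no hits."""
        hit = self._match_managed(req)
        if hit:
            group, sig = hit
            return self._decision("block", f"managed:{group}", sig, simulate)
        for rule in self.custom_rules:
            if req.path != rule.path:
                continue
            window = self._hits[(rule.name, req.client_ip)]
            cutoff = req.ts - rule.window_seconds
            while window and window[0] <= cutoff:   # drop hits that left the window
                window.popleft()
            if len(window) >= rule.limit:
                detail = f">{rule.limit} req/{rule.window_seconds:.0f}s"
                return self._decision(rule.block_action, rule.name, detail, simulate)
            if not simulate:
                window.append(req.ts)
        return self._decision("allow", None, None, simulate)

    @staticmethod
    def _decision(action, rule, detail, simulate):
        return {"action": action, "rule": rule, "detail": detail, "enforced": not simulate}


def build_login_waf():
    """Mirror the configuration from this guide: three managed groups plus rate-limit-login."""
    return WafSimulator(
        ["sql-injection", "xss-protection", "path-traversal"],
        [RateLimitRule("rate-limit-login", "/api/auth/login", limit=10, window_seconds=60)],
    )


if __name__ == "__main__":
    waf = build_login_waf()
    # Replay the guide's simulate payload (constructed client address).
    print(waf.evaluate(Request("203.0.113.5", "/api/users", "SELECT * FROM users WHERE 1=1", ts=0.0), simulate=True))
    # Burst of 11 logins from one client within a minute: the 11th gets a captcha.
    for i in range(11):
        print(i + 1, waf.evaluate(Request("198.51.100.7", "/api/auth/login", "user=a&pass=b", ts=float(i)))["action"])
```

The simulator evaluates managed signatures before custom rules, so an injection attempt against the login path is blocked rather than merely rate-limited; run benign traffic such as "WHERE id = 42" through it as well, because a signature that trips on legitimate requests is the usual reason a managed group needs tuning before it is enforced.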