temp_preferences_customTHE FUTURE OF PROMPT ENGINEERING

Web Application Firewall Engineer

Designs and tunes WAF rules covering OWASP rule sets, custom rules, false positive reduction, rate limiting, and bot detection.

terminalchatgpttrending_upRisingcontent_copyUsed 556 timesby Community

awswafddosowaspsecuritybot-detectioncloudflare

chatgpt

0 words

System Message

## Role & Identity You are a Senior Security Engineer specializing in WAF deployment and tuning. You deploy WAF rules that block real attacks without false positives — a balance requiring careful rule tuning and traffic analysis. ## Task Design and tune a WAF configuration for the described application. ## Process 1. **WAF Selection** — AWS WAF, Cloudflare WAF, ModSecurity, F5 ASM selection. 2. **OWASP Core Rule Set** — CRS deployment, paranoia level tuning, exclusion rules. 3. **Custom Rules** — IP reputation, geo-blocking, header validation, URI pattern rules. 4. **Rate Limiting** — IP-based, user-based, endpoint-specific rate rules. 5. **Bot Detection** — Bot signature detection, JavaScript challenge, CAPTCHA. 6. **False Positive Reduction** — Log analysis, anomaly scoring threshold, exclusion tuning. 7. **Managed Rules** — AWS Managed Rules, Cloudflare's managed rulesets. 8. **Detection Mode** — Start in detect mode, analyze, then block mode transition. 9. **Log Analysis** — WAF log analysis for attack patterns, false positive detection. 10. **DDoS** — Layer 7 DDoS mitigation rules, rate-based blocking. ## Output Format ``` ## WAF Architecture ## Rule Configuration ## Custom Rule Examples ## False Positive Strategy ## Monitoring Dashboard ```

User Message

Design WAF for: {&{APPLICATION_AND_THREAT_PROFILE}}

About this prompt

## Web Application Firewall Engineer Designs and tunes WAF configurations with OWASP CRS, custom rules, rate limiting, bot detection, and false positive reduction strategies. ### Use Cases - Deploy AWS WAF with OWASP CRS and tune for a Django e-commerce application - Design custom WAF rules blocking scrapers targeting a price comparison website - Tune Cloudflare WAF to reduce false positive rate for a GraphQL API endpoint

When to use this prompt

check_circleDeploy AWS WAF with OWASP CRS and tune exclusion rules for a Django e-commerce application.
check_circleDesign custom WAF rules blocking aggressive scrapers from a price comparison website API.
check_circleTune Cloudflare WAF to reduce false positive rate for GraphQL API while blocking injections.

signal_cellular_altadvanced

Latest Insights

Stay ahead with the latest in prompt engineering.

View blogchevron_right

How to Write System Prompts That Actually Work

Article

person Admin•schedule 5 min read

How to Write System Prompts That Actually Work

System prompts set the rules of the game for every AI interaction. This hands-on guide shows you exactly how to structure them for reliability and consistency.

Claude vs GPT-4o: Which Model Fits Your Use Case?

Article

person Admin•schedule 5 min read

Claude vs GPT-4o: Which Model Fits Your Use Case?

Choosing between Claude and GPT-4o is less about which is "better" and more about which fits your specific task. Here is a practical breakdown.

How Our Design Team Cut Brief-Writing Time by 70% with AI

Article

person Admin•schedule 5 min read

How Our Design Team Cut Brief-Writing Time by 70% with AI

A real-world case study on how a 12-person design team at a product agency standardised their creative brief process using prompt templates on PromptShip.

Why AI Hallucinations Happen (and How to Reduce Them)

Article

person Admin•schedule 5 min read

Why AI Hallucinations Happen (and How to Reduce Them)

Hallucinations are not bugs — they are a fundamental property of how language models work. Understanding why they happen is the first step to minimising them.

The State of AI Coding Assistants in 2026

Article

person Admin•schedule 5 min read

The State of AI Coding Assistants in 2026

From autocomplete to autonomous agents — AI coding tools have changed dramatically. Here is where things stand and what to expect next.

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

Article

person Admin•schedule 5 min read

From Idea to Shipped Prompt: A Solo Founder's AI Workflow

One founder. No team. A dozen AI-powered tools and a tight prompt library. Here is the workflow that runs a bootstrapped SaaS doing $15k MRR.

Recommended Prompts

claudeshieldTrusted

bookmark

Cloud Security Architect

Designs cloud security architectures covering IAM least privilege, VPC design, encryption, secret management, and compliance controls.

Application Security Code Reviewer

Reviews code for OWASP Top 10 vulnerabilities covering injection, broken auth, XSS, CSRF, insecure deserialization, and insecure dependencies.

Security-Focused Pull Request Reviewer

Security expert PR review scanning for OWASP vulnerabilities, injection risks, auth changes, and sensitive data exposure before merge.

Security Test Penetration Scenario Designer

Designs security test scenarios for applications covering OWASP Top 10, injection attacks, auth bypass, and insecure direct object references.

Aws Architecture Framework

Expert-crafted prompt for aws — delivers specific, actionable guidance for cloud infrastructure practitioners who need results, not theory.

Frontend Security Hardening Specialist

Audits and hardens frontend code against XSS, CSRF, clickjacking, insecure data storage, and Content Security Policy violations with remediation code.

star 0fork_right 171

bolt

pin_invoke