Update WAF configuration and add browser-friendly rules

- Increased anomaly threshold to reduce false positives.
- Added new rules for browser integrity checks and logging.
- Improved SQL injection and XSS rules to prevent false positives.
- Introduced a new rules file for browser-friendly traffic handling.

Author: fabriziosalmi

Caddyfile

@@ -19,8 +19,10 @@
 		# WAF Plugin runs on all requests first
 		waf {
 			metrics_endpoint /waf_metrics
-			anomaly_threshold 10
-			block_countries GeoLite2-Country.mmdb RU CN KP
+			anomaly_threshold 20
+			# Using modified rules file that prevents false positives with Chrome browser requests
+			rule_file rules.json
+			# block_countries GeoLite2-Country.mmdb RU CN KP
 			# whitelist_countries GeoLite2-Country.mmdb US
 
 			# custom_response 403 application/json error.json
@@ -43,8 +45,6 @@
 				retry_interval 1h
 			}
 
-			rule_file rules.json
-			# rule_file rules/wordpress.json
 			ip_blacklist_file ip_blacklist.txt
 			dns_blacklist_file dns_blacklist.txt
 			log_severity info