feat(waf): continue doc

Author: RoRoJ

pages/edge-services/how-to/assets/scaleway-add-exclusions.webp

@@ -48,3 +48,99 @@ WAF is not available for Object Storage bucket origins.
 4. Select a WAF **mode**. Requests judged to be malicious can either be **blocked** and prevented from passing to the Load Balancer origin, or **logged** but allowed to pass.
 
 5. Click **Save**
+
+WAF is enabled and you are returned to your Edge Services pipeline overview. You can disable or edit WAF settings at any time.
+
+## How to set exclusions
+
+Once you have enabled WAF, you can choose to set **exclusions**. Exclusions are a set of filters: requests that match the filters are not evaluated by WAF, and pass directly to your Load Balancer origin.
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to set WAF exclusions.
+
+2. In the **WAF** panel, click **+ Add exclusions**. WAF goes into Edit mode.
+
+    <Message type="note">
+    You can only add exclusions **after** you have already enabled WAF.
+    </Message>
+
+    The following screen displays:
+
+    <Lightbox src="scaleway-add-exclusions.webp" alt="A screenshot of the Add exclusions popup in the Scaleway console, with an 'if' box to set a path regex value, and a 'then' box pre-filled to 'Bypass WAF'" /> TODO CHANGE NEW BUTTON?
+
+3. Set up to two filters for this exclusion. You can add either:
+  - One ***Path regex** filter, to match paths of requests to exclude. For example, TODO
+  - One **HTTP method** filter, to match te HTTP methods of requests to exclude. For example, enter one or more of `GET`, `PATCH`, `PUT`, `DELETE` etc. Requests that match any of these methods will be considered to match the HTTP method filter.
+  - One of each of the above (use the **Add filter** button to add the second filter)
+
+  If you include both a path regex and an HTTP method filter in the same exclusion, requests must match both of the filters in order to be excluded.
+
+  Currently, the only action possible to set for matching requests is **Bypass WAF** (matching requests will not be evaluated by WAF and will proceed directly to the Load Balancer origin.) In the future, more actions will be added.
+
+4. Click **Add** to add the exclusion.
+
+  You are returned to your Edge Services pipeline overview.
+
+5. **Optional** Click **Add exclusions** to add more exclusions, if you wish (maximum 100). Follow steps 3 to 4 each time.
+
+6. Click **Save changes** to exit Edit mode and save all the exclusions you added.
+
+## How to edit exclusions
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to edit WAF exclusions.
+
+2. In the WAF panel, click <Icon name="edit" /> next to the exclusion you want to edit.
+
+3. Make edits to the filters as required. Remember, you cannot add more than one filter of each type (maximum of one path regex and one HTTP method filter per exclusion).
+
+4. Click **Confirm** when you have finished editing.
+
+  You are returned to your Edge Services pipeline overview, but you are still in Edit mode.
+
+5. Continue to edit or delete other exclusions as necessary.
+
+6. Click **Save changes** to exit Edit mode and save all your changes.
+
+## How to delete exclusions
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to delete WAF exclusions.
+
+2. In the WAF panel, click <Icon name="delete" /> next to the exclusion you want to delete. 
+
+    WAF goes into Edit mode, and a pop-up displays, asking you to confirm the deletion.
+
+3. Click **Delete**.
+
+You are returned to your Edge Services pipeline overview, but you are still in Edit mode.
+
+4. Continue to edit or delete other exclusions as necessary.
+
+6. Click **Save changes** to exit Edit mode and save all your changes and deletions.
+
+## How to edit WAF configuration
+
+You can edit WAF's paranoia level and mode (log or block) at any time.
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to edit WAF.
+
+2. In the WAF panel, click <Icon name="edit" />.
+
+3. Edit the paranoia level and mode as required.
+
+4. Click **Save**.
+
+    Your edits are saved, and you are returned to teh Edge Services pipeline dashboard.
+
+## How to disable WAF
+
+You can disable WAF at any time.
+
+1. In the Scaleway console, navigate to the Edge Services dashboard for the Load Balancer pipeline on which you want to disable WAF.
+
+2. In the WAF panel, click **Disable WAF**.
+
+    A pop-up displays, informing you that WAF will no longer evaluate, block or log requests to your Load Balancer origin.
+
+3. Click **Disable** to confirm.
+
+    WAF is disabled and you are returned to your Edge Services' pipeline overview.
+

pages/edge-services/how-to/configure-waf.mdx

@@ -13,23 +13,19 @@ categories:
   - network
 ---
 
-<Message type="note">
-WAF is in Public Beta, and currently available only via the [Edge Services API](https://www.scaleway.com/en/developers/api/edge-services/). It will be coming soon to the Scaleway console.
-</Message>
-
-If your Edge Services pipeline points towards a Load Balancer origin, you can choose to enable the **W**eb **A**pplication **F**irewall (WAF) feature, for added protection. This documentation page gives a detailed overview of WAF, and the different settings, modes and functionalities available.
+You can choose to enable the **W**eb **A**pplication **F**irewall (WAF) feature on your Edge Services pipeline, for added protection. This documentation page gives a detailed overview of WAF, and the different settings, modes and functionalities available.
 
 ## WAF overview
 
-When enabled, WAF protects your Load Balancer backend from potential threats.
+When enabled, WAF protects your Load Balancer origin or Object Storage bucket from potential threats.
 
-It does so by evaluating each request to your Load Balancer origin, to determine whether it is potentially malicious. Four different rulesets can be used to evaluate requests, each more aggressive than the last. The ruleset to use is determined by the **paranoia level** set by the user.
+It does so by evaluating each request to your origin, to determine whether it is potentially malicious. Four different rulesets can be used to evaluate requests, each more aggressive than the last. The ruleset to use is determined by the **paranoia level** set by the user.
 
-For requests judged to be malicious, WAF can either block them from passing to your origin (as shown in the diagram below), or simply log them but allow them to pass, depending on the settings you choose.
+For requests judged to be malicious, WAF can either block them from passing to your origin, or simply log them but allow them to pass, depending on the settings you choose.
 
-You can set **exclusions**, so that certain requests are not evaluated by WAF and are allowed to pass directly to your Load Balancer origin. Exclusion filters are based on the request path and/or HTTP request type.
+You can set **exclusions**, so that certain requests are not evaluated by WAF and are allowed to pass directly to your origin. Exclusion filters are based on the request path and/or HTTP request type.
 
-<Lightbox src="scaleway-edge-services-waf-diag.webp" alt="A diagram shows how Edge Services WAF deals with three different types of HTTP request. A request meeting the criteria for WAF exclusion is passed directly to the Load Balancer origin. A benign request is first checked by the WAF rules, then allowed to pass to the Load Balancer origin. A malicious request is checked by the rules, and blocked from passing to the Load Balancer origin." />
+TODO WAF diagram?
 
 ## WAF in an Edge Services pipeline
 
@@ -91,8 +87,6 @@ Each exclusion can consist of:
 
 ## WAF limitations
 
-- WAF is in Public Beta, and currently available only via the [Edge Services API](https://www.scaleway.com/en/developers/api/edge-services/).
-- WAF is only compatible with Load Balancer origins. It cannot be enabled for Object Storage bucket origins.
 - WAF protects your origin only, and not your cache.
 - You can add a maximum of 100 WAF exclusions
-- You cannot currently specify exclusions at the individual rule level. Requests matching exclusion filters bypass WAF entirely. 
+- You cannot currently specify exclusions at the individual rule level. Requests matching exclusion filters bypass WAF entirely.