---
title: About the agent mode (protection mode)
summary: null
url: https://www.fastly.com/documentation/guides/next-gen-waf/about-the-agent-mode
---

Agent mode (also known as Protection mode) is a site (also known as workspace) setting that determines how the Next-Gen WAF agent handles request processing. Options include:

- **Blocking:** enables request blocking and logging. This option actively protects your web application and provides visibility into your web traffic. Legitimate traffic is still allowed.
- **Not Blocking (also known as Logging):** enables request logging. This option provides visibility into your web traffic but doesn't actively protect your site (workspace).
- **Off:** disables request processing. The agent doesn't block or log requests. This option doesn't uninstall the agent.

> **HINT:** This guide discusses agent mode (protection mode) in the context of [using the Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf). To enable protection mode using [Fastly DDoS Protection](https://docs.fastly.com/products/fastly-ddos-protection), check out our guide [about DDoS Protection](https://www.fastly.com/documentation/guides/security/ddos-protection/about-ddos-protection) instead.

## About the Blocking option

When the Agent mode (Protection mode) menu is set to `Blocking`, the Next-Gen WAF:

- logs requests based on [our storage policy](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage).
- blocks malicious requests from reaching your web servers and doing harm. [Threshold configurations](https://www.fastly.com/documentation/guides/next-gen-waf/thresholds/about-threshold-configurations/) and [rules](https://www.fastly.com/documentation/guides/next-gen-waf/rules/about-rules/) define the criteria used to evaluate and block individual requests.

When requests are blocked, the 406 response code is returned unless you specified a different [custom response code](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes/). You can view non-sensitive portions of blocked requests and response metadata via the control panel and [API](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf) you use to interact with the Next-Gen WAF.

## About the Not Blocking (Logging) option

When the Agent mode (Protection mode) menu is set to `Not Blocking` (`Logging`), the Next-Gen WAF logs requests based on [our storage policy](https://www.fastly.com/documentation/guides/next-gen-waf/data-storage-and-privacy/about-data-storage-and-privacy/#request-data-storage) and all traffic is allowed.

> **IMPORTANT:** The `Not Blocking` (`Logging`) option never blocks requests. Requests that match rules with a block action will be allowed.
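
The following audit is an added example, not Fastly's code: because `Not Blocking` never enforces rules with a block action, it flags every site (workspace) that is not in `Blocking` mode and normalizes the labels both control panels use. The inventory, its field names (`name`, `mode`, `block_rules`) and the severity labels are constructed for illustration and are not the product's API schema.

```python
import json

# Labels this guide uses for each mode across the two control panels.
MODE_ALIASES = {
    "blocking": "block", "block": "block",
    "not blocking": "log", "logging": "log", "log": "log",
    "off": "off",
}

# Constructed inventory; field names are hypothetical, not the product's API schema.
SAMPLE_INVENTORY = json.dumps([
    {"name": "shop-prod", "mode": "Blocking", "block_rules": 12},
    {"name": "api-prod", "mode": "Not Blocking", "block_rules": 7},
    {"name": "blog", "mode": "Log", "block_rules": 0},
    {"name": "legacy-admin", "mode": "Off", "block_rules": 3},
    {"name": "staging", "mode": "monitor", "block_rules": 1},
])

def normalize_mode(label):
    """Map a control-panel label to block/log/off, or None if unrecognized."""
    return MODE_ALIASES.get(" ".join(label.lower().split()))

def audit(inventory_json):
    """Return (site, severity, reason) for every site that is not enforcing."""
    findings = []
    for site in json.loads(inventory_json):
        mode = normalize_mode(str(site.get("mode", "")))
        rules = int(site.get("block_rules", 0))
        if mode == "block":
            continue  # blocking and logging: nothing to report
        if mode is None:
            reason = f"unrecognized mode {site.get('mode')!r}"
            findings.append((site["name"], "unknown", reason))
        elif mode == "off":
            reason = "requests are neither blocked nor logged"
            findings.append((site["name"], "high", reason))
        elif rules > 0:
            reason = f"{rules} rule(s) with a block action are not enforced"
            findings.append((site["name"], "medium", reason))
        else:
            findings.append((site["name"], "low", "logging only; nothing is blocked"))
    return findings

if __name__ == "__main__":
    for name, severity, reason in audit(SAMPLE_INVENTORY):
        print(f"{severity:8} {name}: {reason}")
```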

## Changing the agent mode (protection mode)

To change the agent mode (protection mode), complete the following steps:

### Next-Gen WAF Control Panel

> **IMPORTANT:** If you've been assigned the [observer role](https://www.fastly.com/documentation/guides/next-gen-waf/account-info/using-user-roles-and-permissions/), you cannot change the agent mode.

1. Log in to the [Next-Gen WAF control panel](https://dashboard.signalsciences.net).

2. From the **Sites** menu, select a site if you have more than one site.

3. From the site navigation bar, click the agent mode indicator.

4. Click **Manage**.

   ![The agent mode selection page.](/img/ngwaf/changing-logging-mode.png)

5. From the **Agent mode** menu, select the agent mode for the site. Options include:

   - **Blocking:** enables request blocking and logging. This option actively protects your web application and provides visibility into your web traffic. Legitimate traffic is still allowed.
   - **Not Blocking:** enables request logging. This option provides visibility into your web traffic but doesn't actively protect your site.
   - **Off:** disables request processing. The agent doesn't block or log requests. This option doesn't uninstall the agent.

6. Click **Update**.

### Fastly Control Panel

> **IMPORTANT:** If you've been assigned the [user or billing role](https://www.fastly.com/documentation/guides/account-info/user-and-account-management/about-user-roles-and-permissions), you cannot change the protection mode.

1. Log in to the [Fastly control panel](https://manage.fastly.com).

2. Go to **Security** > **Next-Gen WAF** > [**Workspaces**](https://manage.fastly.com/security/ngwaf/workspaces).

3. Click the gear icon next to the workspace that you want to modify.

4. Click **Protection mode**.

   ![The Protection mode setting set to Block](/img/ngwaf/edit-protection-mode.png)

5. Select the protection mode for the workspace. Options include:

   - **Block:** enables request blocking and logging. This option actively protects your web application and provides visibility into your web traffic. Legitimate traffic is still allowed.
   - **Log:** enables request logging. This option provides visibility into your web traffic but doesn't actively protect your workspace.
   - **Off:** disables request processing. The agent doesn't block or log requests. This option doesn't uninstall the agent.

6. Click **Update**.

## Related content

- [Using custom agent response codes](https://www.fastly.com/documentation/guides/next-gen-waf/agent-response-codes/using-custom-agent-response-codes)
- [Using an API with the Next-Gen WAF](https://www.fastly.com/documentation/guides/next-gen-waf/developer/using-an-api-with-the-next-gen-waf)
