Sandbox Mode
Test security policies, caching rules, and rate limits without sending actual traffic to your backend origin or impacting production analytics.
What is Sandbox Mode?
Sandbox Mode is a virtual testbed that simulates EdgeWrap's request processing lifecycle. Instead of calling the real endpoint and passing traffic, you post request parameters directly to our sandbox simulation API. The simulation executes WAF rules, edge rules, and cache keys, returning a detailed execution trace.
Testing via Sandbox API
Make a POST request to /v1/projects/{projectId}/waf/sandbox-call or /v1/projects/{projectId}/cache/sandbox-call with the simulated request headers, path, method, and query string.
Simulate a suspicious request
curl -X POST https://server.edgewrap.pro/v1/projects/prj_01jxyz/waf/sandbox-call \
-H "Authorization: Bearer <your_token>" \
-H "Content-Type: application/json" \
-d '{
"method": "GET",
"path": "/api/users",
"queryString": "id=1' UNION SELECT username, password FROM users--",
"ip": "203.0.113.1",
"userAgent": "curl/7.68.0"
}'Understanding the Simulation Trace
The simulation returns an object showing the decision, matching rules, action taken, and detailed reason.
WAF simulation response
{
"success": true,
"data": {
"decision": {
"action": "block",
"reason": "SQL injection pattern detected in query string",
"threatType": "sql_injection"
}
}
}Tip: Use Sandbox Mode in your CI/CD pipelines to verify that modifications to edge rules or custom security filters do not accidentally block legitimate application endpoints before deployment.