The Application Firewall is a mechanism that protects your website from attackers.
This protection is active by default and it includes the following:
- HTTP Protection protects against HTTP attacks
- Common Web Attacks Protection - protecting common web application exploits
- Automation Detection - tracks bots, crawlers, scanners, and other malware and blocks their activity
- Tojan Protection - tracks incoming and outgoing trojan traffic
- Hide error messages - to prevent any error messages from being exploited
You'll find this option in your Subdomain Settings. It is generally recommended to leave this option always on, as the Application Firewall can prevent many security risks.
The Application Firewall should only be disabled by technically savvy users and even then, at best, only for testing purposes.