What is WAF?
Web Application Firewall (WAF) is software for securing web applications or webpages. It inspects incoming HTTP requests and applies a set of rules to decide which traffic should be blocked.
The automatic inspection of incoming content can block attack attempts. WAF protects the application layer, using pre-defined rules and algorithms detecting abnormal traffic.
The application firewall effectively protects against XSS (cross-site scripting) and SQL Injection attacks, as well as against so-called zero-day exploits, i.e. the most recently detected vulnerabilities of server software.
What does WAF protect against?
WAF ensures effective protection of webpages. They are the most frequent target for hackers who tamper with the application content to steal sensitive data or commit other frauds.
Hacker attacks lead to many serious consequences, including damage to the company reputation and customers’ trust. The company suffers huge financial damage related to data protection, loss of customers, and recovery of the website.
WAF protects against such attacks on the application layer as SQL injection, cross site scripting (XSS), command injection, and directory traversal. Such attacks may lead to data leaks, identity theft, and substitution of legitimate webpages with phishing pages.
Such attacks are frequently difficult to detect, because (in contrast to other attack types) they do not engage the link throughput and system resources intensively, but rather target specific vulnerabilities of your application. In certain cases, one computer is enough to effectively block a webpage or steal data.
How does WAF work?
WAF is active round the clock and protects all types of webpages and hosting services. Automatic protection against attacks guarantees 24/7 security of the webpage.
Attacks targeting mobile applications are classified on the OWASO 10 list, which means that they are among the most dangerous attacks targeting web layers. That is why it is so important to protect webpages and monitor webpage traffic on a continuous basis.
What rules are used by WAF?
The WAF application-protection system includes a set of rules based on the ModSecurity project, supplemented by our own proprietary solutions. The rules are developed in a selective manner to minimize false positives.
How often are the WAF rules updated?
The WAF rules are updated on a continuous basis. Our experts monitor new threats all the time and update the rule base without delay. The updated rule base becomes available to all our users immediately.
Can I add my own WAF rule?
Of course you can. However, to make sure it is implemented properly, it is recommended to get help from our team.
How can I disable a WAF rule?
To disable a WAF rule protecting the application layer, log into the User Panel and then select the “WAF Rules” tab, where you can personalize your settings by enabling or disabling individual rules.