A Web Application Firewall (WAF) protects the web applications on your site by inspecting the HTTP traffic between each application and the outside world. Every request from a visitor has to pass through the WAF, which checks it against a set of rules and stops requests that match known attack patterns before they reach the application.
Several types of WAF are in common use. They differ in how they decide what to block and in where they run:
Blacklist WAF
A Blacklist WAF (a "negative security model") is configured with rules describing the traffic to reject, such as known attack patterns, and lets everything else through. It is quick to deploy, but it only catches what its rules already describe.
Whitelist WAF
A Whitelist WAF (a "positive security model") works the other way round: it describes what legitimate traffic looks like, for example which parameters each page accepts and what values they may contain, and rejects anything that does not fit. It can block attacks it has never seen, at the cost of more work to define and maintain the profile of valid traffic.
Network-based WAF
A Network-based WAF is usually a dedicated hardware appliance installed locally, in front of the web servers. Running on its own hardware keeps latency low, but the appliance has to be bought and maintained, which makes it the most expensive option.
Host-based WAF
A Host-based WAF is integrated directly into the application's software stack, for example as a module of the web server. It avoids the hardware of a network-based WAF and can be tuned closely to the application it protects. The drawbacks are the engineering time needed to build and maintain it, and the CPU and memory it consumes on the same server that runs the application.
Cloud-based WAFs
Cloud-based WAFs are the newest of the group. They are affordable and the easiest to use for people without programming experience (often a one-click setup), and the provider usually takes care of keeping the rules up to date. The trade-offs are less room for customization and less visibility into how the WAF makes its decisions.
At CanSpace Solutions, we use ModSecurity. It provides a rule language known as SecRules for real-time monitoring, logging, and filtering of HTTP traffic based on rules you define.
Embedded in the web server as a module, or deployed as a reverse proxy in front of it, ModSecurity inspects the incoming and outgoing HTTP traffic to the endpoint. Depending on how a rule is written, the engine can let the request pass, drop the connection, redirect the client, return a given status code, execute a user script, and more.
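The blacklist and whitelist models described above, and the pass, deny, drop, redirect and exec actions just listed, look like this in SecRules. This is an added example written for this page, not a rule from CanSpace, Comodo or the ModSecurity project; it assumes ModSecurity v2 loaded into Apache httpd, and the rule ids, paths, parameter names, IP range and alert script are all made up for the illustration.

```apacheconf
# Assumed: ModSecurity v2 running as an Apache module. All ids, paths and
# names below are illustrative; ids 1-99999 are the range reserved for local rules.

SecRuleEngine On               # switch to DetectionOnly to log matches without blocking
SecRequestBodyAccess On        # needed so phase 2 rules can see POST bodies
SecAuditEngine RelevantOnly    # write an audit record only for transactions that matched a rule
SecAuditLog /var/log/apache2/modsec_audit.log

# 1. "pass": a trusted monitoring network (203.0.113.0/24 is a documentation
#    range used as a stand-in) skips the rest of the rule set for this request.
SecRule REMOTE_ADDR "@ipMatch 203.0.113.0/24" \
    "id:1001,phase:1,pass,nolog,ctl:ruleEngine=Off"

# 2. Negative model (blacklist style): reject any argument that looks like a
#    SQL UNION injection, on any page. t:urlDecodeUni decodes %-encoding first so
#    the regex sees the real payload. "exec" runs a local alert script (assumed to
#    exist; ModSecurity calls it with no arguments) in addition to denying.
SecRule ARGS "@rx (?i)union[\s/*]+select" \
    "id:1002,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,\
    msg:'SQL injection attempt in %{MATCHED_VAR_NAME}',\
    exec:/usr/local/sbin/waf-alert.sh"

# 3. Positive model (whitelist style): on /login only the three expected
#    parameter names are accepted; anything else is refused even if it carries no
#    known attack string. The two lines form a chain: the deny in the first rule
#    fires only when the second rule also matches.
SecRule REQUEST_URI "@beginsWith /login" \
    "id:1003,phase:2,chain,deny,status:403,log,msg:'Unexpected parameter on /login'"
    SecRule ARGS_NAMES "!@rx ^(username|password|csrf_token)$" "t:none"

# 4. Positive model on a value: the username may only be a short, safe string.
#    Note the "!" - the rule matches (and denies) when the value does NOT fit.
SecRule ARGS:username "!@rx ^[A-Za-z0-9_.@-]{1,64}$" \
    "id:1004,phase:2,t:none,deny,status:400,log,msg:'username failed allowlist'"

# 5. "redirect": a client announcing a scanner in its User-Agent is sent to an
#    explanation page instead of a bare 403. @pm is a case-insensitive phrase match.
SecRule REQUEST_HEADERS:User-Agent "@pm sqlmap nikto" \
    "id:1005,phase:1,log,redirect:https://www.example.com/blocked.html"

# 6. "drop": close the TCP connection without any response when the declared
#    body is larger than the application ever needs (1 MiB here).
SecRule REQUEST_HEADERS:Content-Length "@gt 1048576" \
    "id:1006,phase:1,drop,log,msg:'Oversized request body'"
```

Before turning rules like 3 and 4 on for real traffic, run them under `SecRuleEngine DetectionOnly` for a while and read the audit log: a positive-model rule that is even slightly too narrow blocks legitimate users, which is the maintenance cost the whitelist approach carries.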
To get the most out of ModSecurity, we use a ruleset provided by Comodo. It is updated continually, so the rules protecting your website reflect the latest known attacks.
Customers who want an extra layer of security can also use Cloudflare, which our partnership makes available to all website clients. It provides another Web Application Firewall, running at Cloudflare's edge before traffic reaches our servers, that can be turned on and configured with custom rulesets.
Have a question about Web Application Firewalls and how they keep your site safe? Get in touch with us!