A Web Application Firewall (WAF) monitors, filters or blocks traffic to and from a web application. The WAF inspects every HTTP, HTTPS, SOAP and XML-RPC data packet and, through customizable web security rules, helps prevent attacks such as cross-site scripting (XSS), SQL injection, session hijacking and buffer overflows.
You need the Update any CDN resource or Update own CDN resources permission to access the WAF menu of a CDN resource.
Enable/Disable WAF Rules on CDN Resources
To enable or disable WAF protection on your CDN resource, follow the procedure below:
1. Go to the Control Panel's CDN Resources menu.
2. Click the label of the required resource.
3. On the page that appears, click the WAF tab.
4. Move the WAF slider to enable or disable the protection. The menu allows you to turn on or off the following OWASP rule groups:
- Drupal Exclusion Rules Request - these rules disable the CRS on a set of well-known parameter fields that are a frequent source of CRS false positives in Drupal, including the session cookie, password fields and article/node bodies.
- WordPress Exclusion Rules Request - these exclusions remedy false positives in a default WordPress install.
- IP Reputation Request - these rules detect traffic from IPs that have previously been involved in malicious activity, either on the local site or globally.
- Method Enforcement Request - this rule detects HTTP request method anomalies.
- DDoS Protection Request - these rules attempt to detect some layer 7 DoS (Denial of Service) attacks against your server.
- Scanner Detection Request - these rules concentrate on detecting security tools and scanners.
- Protocol Enforcement Request - these rules detect requests that either violate HTTP or that no modern browser would generate, for instance a request missing a User-Agent header.
- Protocol Attack Request - these rules focus on attacks against the HTTP protocol itself, such as HTTP request smuggling and response splitting.
- Application Attack LFI Request - these rules attempt to detect a user trying to include a file local to the web server that they should not have access to. Exploiting this type of attack can lead to the web application or server being compromised.
- Application Attack RFI Request - these rules attempt to detect a user trying to include a remote resource that the web application will execute. Exploiting this type of attack can lead to the web application or server being compromised.
- Application Attack RCE Request - this rule detects Unix command injection and protects against remote code execution.
- Application Attack PHP Request - this rule detects the PHP open tags "<?" and "<?php", as well as the "[php]", "[/php]" and "[\php]" tags that some applications use to mark PHP dynamic content.
- Application Attack XSS Request - these rules are intended to prevent cross-site scripting (XSS) attacks against your CDN resources and the CDN Accelerator.
- Application Attack Sqli Request - these rules protect against common initial SQL injection probes, in which attackers insert quote characters into an otherwise normal payload to see how the database responds.
- Application Attack Session Fixation Request - these rules provide protection against session fixation attacks.
- Blocking Evaluation Request - these rules provide the anomaly-based blocking decision for a given request.
- Data Leakages Response - these rules provide protection against general data leakage in responses.
- Data Leakages SQL Response - these rules provide protection against data leakage from backend SQL servers; such leaks are often indicative of an SQL injection issue.
- Data Leakages Java Response - these rules provide protection against data leakage caused by Java.
- Data Leakages PHP Response - these rules provide protection against data leakage caused by PHP.
- Data Leakages IIS Response - these rules provide protection against data leakage caused by Microsoft IIS.
- Blocking Evaluation Response - these rules provide the anomaly-based blocking decision for a given response.
- Correlation Response - these rules gather data about successful and unsuccessful attacks on the server.
Note that you can enable a maximum of 10 WAF rules per CDN resource.
5. Click the Update button to save the changes.
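The rule groups above work as an anomaly-scoring pipeline: each enabled group adds a score when it matches, and the Blocking Evaluation step blocks the request once the total reaches a threshold. The following toy model, added here as an illustration and not code from OnApp or the OWASP Core Rule Set, shows that interaction for four of the request groups (method enforcement, the missing User-Agent protocol check, LFI and PHP tag detection) together with the 10-rule-per-resource limit. The severity weights (CRITICAL 5, ERROR 4, WARNING 3, NOTICE 2) and the inbound threshold of 5 are the CRS defaults; the regular expressions, the `WafProfile` class and the sample requests are simplified constructions for the example.

```python
"""Toy anomaly-scoring model of the WAF rule groups listed above.

Constructed example (not OnApp or OWASP CRS code): every enabled rule group
contributes a score when it matches, and the request is blocked when the
summed inbound anomaly score reaches the threshold.
"""
import re
from dataclasses import dataclass, field
from typing import Callable, Dict, Iterator, List, Tuple

MAX_RULES_PER_RESOURCE = 10                      # limit stated in the procedure
INBOUND_THRESHOLD = 5                            # CRS default inbound threshold
CRITICAL, ERROR, WARNING, NOTICE = 5, 4, 3, 2    # CRS default severity scores


@dataclass
class Request:
    method: str
    path: str
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""

    def inspected_text(self) -> str:
        """Everything a request rule looks at: path/query, body and cookies."""
        return " ".join([self.path, self.body, self.headers.get("Cookie", "")])


Finding = Tuple[str, int]                  # (rule id, severity score)
Check = Callable[[Request], Iterator[Finding]]


def method_enforcement(req: Request) -> Iterator[Finding]:
    # Anything outside the methods the application expects is an anomaly.
    if req.method.upper() not in {"GET", "HEAD", "POST", "OPTIONS"}:
        yield ("method-enforcement", CRITICAL)


def protocol_enforcement(req: Request) -> Iterator[Finding]:
    # A request without a User-Agent is one no modern browser would generate.
    if not req.headers.get("User-Agent"):
        yield ("protocol-enforcement:missing-user-agent", NOTICE)


def application_attack_lfi(req: Request) -> Iterator[Finding]:
    # Directory traversal sequences aimed at files local to the web server.
    if re.search(r"\.\.[/\\]", req.inspected_text()):
        yield ("application-attack-lfi", CRITICAL)


def application_attack_php(req: Request) -> Iterator[Finding]:
    # PHP open tags "<?" / "<?php" and the "[php]", "[/php]", "[\php]" markers.
    if re.search(r"<\?(?:php)?|\[[/\\]?php\]", req.inspected_text(), re.IGNORECASE):
        yield ("application-attack-php", CRITICAL)


CATEGORIES: Dict[str, Check] = {
    "Method Enforcement Request": method_enforcement,
    "Protocol Enforcement Request": protocol_enforcement,
    "Application Attack LFI Request": application_attack_lfi,
    "Application Attack PHP Request": application_attack_php,
}


class WafProfile:
    """The rule groups enabled on one CDN resource (hypothetical helper)."""

    def __init__(self, enabled: List[str], threshold: int = INBOUND_THRESHOLD):
        if len(enabled) > MAX_RULES_PER_RESOURCE:
            raise ValueError(f"at most {MAX_RULES_PER_RESOURCE} WAF rules per CDN resource")
        unknown = [c for c in enabled if c not in CATEGORIES]
        if unknown:
            raise ValueError(f"unknown rule groups: {unknown}")
        self.enabled = list(enabled)
        self.threshold = threshold

    def evaluate(self, req: Request) -> Tuple[int, List[Finding], bool]:
        """Blocking Evaluation: sum every matching rule's score and block
        when the total reaches the inbound threshold."""
        findings = [f for cat in self.enabled for f in CATEGORIES[cat](req)]
        score = sum(severity for _, severity in findings)
        return score, findings, score >= self.threshold


# Constructed sample traffic, not captured from any real site.
SAMPLES = {
    "browser": Request("GET", "/index.php?id=42", {"User-Agent": "Mozilla/5.0"}),
    "no-agent": Request("GET", "/index.php?id=42"),
    "php-tag": Request("POST", "/comment", {"User-Agent": "Mozilla/5.0"},
                       body="text=<?php echo 1; ?>"),
    "scripted-traversal": Request("GET", "/download?file=../../etc/hosts"),
}


def run_samples(profile: WafProfile) -> Dict[str, Tuple[int, bool]]:
    """Score every sample and report (anomaly score, blocked?)."""
    results = {}
    for name, req in SAMPLES.items():
        score, _findings, blocked = profile.evaluate(req)
        results[name] = (score, blocked)
    return results


if __name__ == "__main__":
    for name, result in run_samples(WafProfile(list(CATEGORIES))).items():
        print(f"{name:20} score={result[0]} blocked={result[1]}")
```

Two points the run makes visible: a single NOTICE-level finding (the missing User-Agent) scores 2 and is logged but not blocked on its own, while the same scripted request combined with a traversal attempt reaches 7 and is blocked; and disabling a group removes its score entirely, so a profile that leaves out the LFI group lets the traversal sample through, which is the trade-off to keep in mind when choosing which 10 groups to enable.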