A Web Application Firewall (WAF) is an application firewall for HTTP applications. A WAF applies sets of rules and performs behavioral analysis to block malicious traffic before it reaches your origin server.
StackPath's WAF is built as a unique two-tier SaaS.
The first tier is a cloud-based Central Security Cloud that analyzes traffic for:
- Behavioral profiling
- Inconsistency detection
- Reputation recognition
The second tier consists of edge nodes that enforce security policies and deliver services distributed by the cloud.
Cyber-criminals use automation to carry out attacks on web applications for several reasons. Automation tools:
- Enable the attacker to hit more applications and exploit more vulnerabilities than manual methods.
- Are available online and save the attacker the time of studying attack methods and developing exploits that applications are vulnerable to.
- Are optimized to use resources more efficiently.
The StackPath WAF behavioral analysis blocks any non-human traffic. Advanced user behavioral analysis blocks automated scanners, bots, and other automated tools from accessing your application, while known bots, such as known search engines, are allowed.
StackPath allows you to blacklist traffic that originates from well-known IP addresses. StackPath's Central Security Cloud constantly collects, updates, and validates these IP addresses using multiple sources. These IP addresses are blacklisted and published to all StackPath Service Nodes. With this information, you can decide to block, challenge, or allow traffic from highly suspect entities.
DDoS L7 Protection
The StackPath WAF offers protection against Application Layer (Layer 7) DDoS. Layer 7 attacks are often performed in bursts and are not always volumetric in nature.
The WAF uses multiple techniques to detect and mitigate incoming attacks.
To learn more, see Learn and Configure WAF for Application Layer DDoS Protection.