Help Center

  1. StackPath Help
  2. WAF
  3. Supplemental Information

Learn About the StackPath WAF

Avatar
Kevin Bond
Updated:

Overview

A Web Application Firewall (WAF) is an application firewall for HTTP applications. A WAF applies sets of rules and performs behavioral analysis to block malicious traffic from your origin server.

WAF covers known vulnerabilities, such as OWASP Top 10, and other common CMS specific vulnerabilities. Based on the threat type, different rules will apply and different actions will trigger, such as a request block, a Captcha challenge, or a JavaScript challenge.

StackPath's WAF is comprised of a unique 2-tier SaaS.

The first tier is a cloud-based Central Security Cloud that analyzes traffic for:

  • Behavioral profiling
  • Inconsistency detection
  • Reputation recognition

The second tier is edge nodes that enforce security policies and deliver services distributed by the cloud.

When a request matches a rule, a challenge (such as Captcha or JavaScript challenge) will be delivered to the user. For example, if the request contains a string that includes Select * from db, then the SQLi rule will trigger and the user will be blocked.

Anti-automation protection 

Cyber-criminals use automation to carry out attacks on web applications for several reasons. Automation tools: 

  • Enable the attacker to hit more applications and exploit more vulnerabilities than other manual methods.
  • Are available online and save the attacker time from studying attack methods and developing exploits that applications are vulnerable to. 
  • Are optimized to use resources more efficiently.

The StackPath WAF behavioral analysis blocks any non-human traffic. Advanced user behavioral analysis blocks automated scanners, bots, and other automated tools from accessing your application, while known bots, such are known search engine, are allowed.  

IP Reputation 

StackPath allows you to blacklist traffic that originates from well-known IP addresses. StackPath's Central Security Cloud constantly collects, updates, and validates these IP addresses using multiple sources. These IP addresses are blacklisted and published to all StackPath Service Nodes. With this information, you can decide to block, challenge, or allow traffic from highly suspect entities.

DDoS L7 Protection 

StackPath's bot-detection technology blocks the following bots: 

  • Bots that share IP addresses with human users
  • Bots that frequently change their IP addresses 
Was this article helpful?

Related articles

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.

Contact Us