Overview
A Web Application Firewall (WAF) is an application firewall for HTTP applications. A WAF applies sets of rules and performs behavioral analysis to block malicious traffic before it reaches your origin server.
The WAF covers known vulnerabilities, such as the OWASP Top 10, and other common CMS-specific vulnerabilities. Different rules apply and different actions trigger depending on the threat type, such as a request block, a Captcha challenge, or a JavaScript challenge.
StackPath's WAF is composed of a unique 2-tier SaaS.
The first tier is a cloud-based Central Security Cloud that analyzes traffic for:
- Behavioral profiling
- Inconsistency detection
- Reputation recognition
The second tier consists of edge nodes that enforce security policies and deliver services distributed by the cloud.
When a request matches a rule, a challenge (such as a Captcha or JavaScript challenge) is delivered to the user. For example, if the request contains a string that includes "Select * from db", the SQLi rule triggers and the user is blocked.
Anti-automation protection
Cyber-criminals use automation to carry out attacks on web applications for several reasons. Automation tools:
- Enable the attacker to hit more applications and exploit more vulnerabilities than manual methods.
- Are available online and save the attacker the time of studying attack methods and developing exploits for the vulnerabilities that applications have.
- Are optimized to use resources more efficiently.
The StackPath WAF behavioral analysis blocks any non-human traffic. Advanced user behavioral analysis blocks automated scanners, bots, and other automated tools from accessing your application, while known bots, such as known search engines, are allowed.
IP Reputation
StackPath allows you to blacklist traffic that originates from well-known IP addresses. StackPath's Central Security Cloud constantly collects, updates, and validates these IP addresses using multiple sources. These IP addresses are blacklisted and published to all StackPath Service Nodes. With this information, you can decide to block, challenge, or allow traffic from highly suspect entities.
DDoS L7 Protection
StackPath's bot-detection technology blocks the following bots:
- Bots that share IP addresses with human users
- Bots that frequently change their IP addresses