WAF

Web Application Firewall, a security measure that monitors incoming traffic to prevent malicious activities

WAF stands for Web Application Firewall. It is a security layer that sits between a website and the internet, filtering and monitoring incoming HTTP/HTTPS traffic. Its primary objective is to block malicious requests, such as SQL injection and Cross-Site Scripting (XSS) attempts, while letting legitimate traffic through. The WAF is enabled by default for all SiteBox products that expose WordPress instances.

In practice, when a user sends a request to a web application, the WAF evaluates the request against the rules of every ruleset applied by the policy and decides whether it is safe or malicious. If the request is deemed safe, it is forwarded to the web application; otherwise it is blocked. Because the WAF inspects requests before they reach the application, it reduces exposure to known attack patterns, but it does not replace patching and hardening of the application itself.

Rules, rulesets and policies

  • Rules – individual conditions that the WAF evaluates to decide whether a request is legitimate or malicious. A rule might be "block all traffic from IP address X" or "deny requests whose query string contains SQL keywords".
  • Rulesets – collections of rules grouped together, usually to serve one purpose or to protect against one class of vulnerability, such as SQL injection or Cross-Site Scripting (XSS).
  • Policies – configuration profiles for the WAF that specify which rulesets to apply, under what conditions and in what order. A policy is the higher-level construct that lets you manage multiple rulesets and determines the overall behavior of the WAF.

Managed rulesets

Our infrastructure uses a Web Application Firewall (WAF) provided by Cloudflare. We rely on rulesets managed by Cloudflare, which Cloudflare updates continually as new vulnerabilities are published, so protection against newly disclosed threats is in place shortly after disclosure without any change on our side.

For instance, these managed rules were instrumental in safeguarding our applications against exploitation attempts for historical vulnerabilities such as the Log4j flaw (Log4Shell, CVE-2021-44228), by blocking the malicious requests at the edge.

In addition to Cloudflare's managed rules, SiteBox applies its own ruleset. Its rules were derived from continuous monitoring of attack traffic against our platform and from established hardening best practices, and are designed specifically to protect WordPress-based websites.

Enabled rulesets

Summary of rulesets applied by default:

  • Cloudflare Managed Ruleset – as per Cloudflare docs: "Created by the Cloudflare security team, this ruleset provides fast and effective protection for all of your applications. The ruleset is updated frequently to cover new vulnerabilities and reduce false positives."
  • Cloudflare OWASP Core Ruleset – as per Cloudflare docs: "Cloudflare's implementation of the Open Web Application Security Project, or OWASP ModSecurity Core Rule Set. Cloudflare routinely monitors for updates from OWASP based on the latest version available from the official code repository." This ruleset is score-based: each matching rule adds to an anomaly score and the request is acted on only when the score exceeds the configured threshold, which is how false positives are tuned.
  • SiteBox WordPress Hardening Ruleset – based on industry best practices; provides, at the edge, the WordPress-specific protections that would otherwise have to be applied on the server layer.

A detailed list of the rules in each ruleset can be provided by the SiteBox Support Team on request.

Custom rules

Clients who need custom rules (for example geographic restrictions, blocking specific IP addresses, or allowing traffic only from specific IP ranges) should contact our Support team. The team can tailor the firewall configuration to each client's requirements, so security measures can be adapted to specific operational or compliance needs.
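The following is an added illustration, not SiteBox or Cloudflare code, of the rule / ruleset / policy hierarchy defined above and of the three kinds of custom rule just listed (IP allow-list, geographic restriction, path block). It models a policy as an ordered list of rulesets in which the first terminating action wins, so that an allow-list ruleset placed first bypasses the hardening rules for trusted sources, while a log-only rule keeps evaluation going. The IP ranges, country list and sample requests are constructed (RFC 5737 documentation addresses); the comment on each rule gives an approximate Cloudflare rules-language equivalent of the same intent, which is the form in which such a rule would be handed to Support.

```python
"""Toy model of rules -> rulesets -> policy, as a WAF evaluates a request."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Tuple
import re


@dataclass
class Request:
    src_ip: str
    country: str      # ISO 3166-1 alpha-2, derived at the edge from src_ip
    method: str
    path: str
    query: str = ""


@dataclass
class Rule:
    name: str
    action: str                          # "block", "skip" or "log"
    match: Callable[[Request], bool]


@dataclass
class Ruleset:
    name: str
    rules: List[Rule]


@dataclass
class Policy:
    """Rulesets are evaluated in order; the first terminating action wins."""
    rulesets: List[Ruleset]

    def evaluate(self, req: Request) -> Tuple[str, List[str]]:
        matched: List[str] = []
        for rs in self.rulesets:
            for rule in rs.rules:
                if not rule.match(req):
                    continue
                matched.append(f"{rs.name}/{rule.name}")
                if rule.action == "log":      # record only, keep evaluating
                    continue
                if rule.action == "skip":     # trusted source: bypass later rulesets
                    return "allow", matched
                return "block", matched
        return "allow", matched               # default: forward to origin


# Constructed allow-list of operator ranges (documentation prefixes, hypothetical).
OFFICE_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.7/32")]
LOGIN_COUNTRIES = {"PL", "DE"}               # constructed: where admins log in from
# A single signature standing in for one of the many in a managed OWASP ruleset.
SQLI = re.compile(r"(?i)\b(union\s+select|or\s+1\s*=\s*1)\b")


def from_office(req: Request) -> bool:
    return any(ip_address(req.src_ip) in net for net in OFFICE_RANGES)


POLICY = Policy([
    Ruleset("allowlist", [
        # Cloudflare (approx.): ip.src in {203.0.113.0/24 198.51.100.7} -> Skip remaining rules
        Rule("office-bypass", "skip", from_office),
    ]),
    Ruleset("wp-hardening", [
        # Cloudflare (approx.): http.request.uri.path eq "/xmlrpc.php" -> Block
        Rule("block-xmlrpc", "block", lambda r: r.path == "/xmlrpc.php"),
        # Cloudflare (approx.): http.request.uri.path eq "/wp-login.php"
        #   and http.request.method eq "POST"
        #   and not ip.src.country in {"PL" "DE"} -> Block
        Rule("login-geo", "block",
             lambda r: r.path == "/wp-login.php" and r.method == "POST"
             and r.country not in LOGIN_COUNTRIES),
        # Cloudflare (approx.): http.request.uri.path eq "/wp-cron.php" -> Log
        Rule("watch-wp-cron", "log", lambda r: r.path == "/wp-cron.php"),
    ]),
    Ruleset("owasp-lite", [
        Rule("sqli-query", "block", lambda r: bool(SQLI.search(r.query))),
    ]),
])


if __name__ == "__main__":
    samples = [  # constructed requests
        Request("203.0.113.9", "US", "POST", "/xmlrpc.php"),   # office IP: bypass wins
        Request("192.0.2.44", "BR", "POST", "/xmlrpc.php"),    # blocked by hardening
        Request("192.0.2.44", "BR", "POST", "/wp-login.php"),  # blocked by geo rule
        Request("192.0.2.44", "PL", "GET", "/wp-cron.php", "id=1 UNION SELECT 1"),
        Request("192.0.2.44", "PL", "GET", "/blog/"),          # plain visitor: allowed
    ]
    for s in samples:
        print(s.src_ip, s.method, s.path, "->", POLICY.evaluate(s))
```

The ordering is the point to take from this: move the allow-list ruleset after the hardening ruleset and the office request to /xmlrpc.php is blocked instead of bypassed, which is exactly the kind of interaction to check when a custom rule is added alongside the managed rulesets.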