What is a WAF (Web Application Firewall)? Explained in simple terms!
A WAF or Web Application Firewall is security software that protects a website by filtering and blocking harmful web traffic such as cyberattacks.
Introducing the Quant Web Application Firewall (WAF)
We are excited to announce a new feature on the dashboard: the Quant Web Application Firewall (WAF)! Try it out and let us know what you think!
We are excited to announce a new feature on the dashboard: the Quant Web Application Firewall (WAF)! To safeguard any of your websites from web-based threats, you can now add WAF protection easily through the dashboard. Not only will this defend your websites against malicious attacks, but it can also help keep them in compliance with data security standards.
What’s a Web Application Firewall (WAF)?
A Web Application Firewall (WAF) is a security solution that protects websites by monitoring and filtering incoming traffic. It is specifically designed to protect against common web-based attacks such as cross-site scripting (XSS) and SQL injection. The WAF inspects traffic for malicious requests and blocks these before they can reach the web server. As web applications are increasingly targeted by cyber threats, a Web Application Firewall is an essential part of modern web security. Learn more in our What is a WAF article.
Why use the Quant WAF?
There are many reasons why using a WAF is beneficial:
- Common Attack Protection: One of the key features of the Quant Web Application Firewall is protection against common web-based attacks, so you keep your site data secure.
- Advanced DDoS Protection: You get basic Distributed Denial of Service (DDoS) protection by default to help your websites stay online when under high load from malicious traffic. The Quant WAF adds advanced rate limiting options to further mitigate against DDoS attacks.
- Configurable Security Rules: The Quant WAF implements the OWASP ModSecurity Core Rule Set and you can configure if any of these rules should be skipped for your site. You can also add additional website safeguards by configuring Http:BL and block dictionaries options.
- Data Protection Compliance: Data protection regulations such as PCI-DSS, GDPR and HIPAA have many requirements including blocking malicious traffic and protection against data breaches. A WAF is a key part of your data security protection strategy for proper compliance.
- Traffic Reports: The Quant WAF logs provide insights into unusual traffic patterns and potential cyber threats. By reviewing these regularly, you can tune your security settings for a better security posture.
How to use the Quant WAF feature?
Using the Quant Web Application Firewall is very simple. If your website is completely static, then you don’t need to worry about a WAF because there is nothing to hack. But, if you use a CMS or web application such as Drupal or WordPress, you simply create a proxy rule, enable the WAF for that rule, and configure the WAF settings that are best for your site.
Add a proxy rule
A proxy rule lets you map a URL to a backend web application. For example, say your website is mostly static, but you have some dynamic pages on your site that are served from a backend application. You create proxy rules to map to those backend routes.
- Go to the Rules section in the Dashboard
- Create a new rule
- Add the URL pattern to match on
- Choose Proxy for your action
- Enter your proxy address
- Click the checkbox to enable the WAF
Adding a proxy rule in Quant Rules.
Configure the WAF
There are several WAF settings you can configure including blocking or allowing certain IP addresses, skipping certain OWASP rules, and rate limiting based on IPs or headers.
It is recommended you start with “Report” mode while you are tuning your settings. Then, after gathering some data, check your reports for what would have been blocked and make sure it looks correct before switching to “Block” mode. Once you are in “Block” mode, if a team member is getting 403 (access denied) errors when trying to use the website, you can add them to the allowed IP addresses.
Here's the list of WAF settings. Check out the WAF documentation for more information on how to configure the WAF. And don’t hesitate to contact us if you need help getting set up.
- WAF mode and level
- Rules and IP overrides (skip/allow/never allow)
- Block dictionaries
- Http:BL
- IP rate limiting
- Request header rate limiting
- Notification settings
Enabling Quant WAF and available settings.
Quant WAF logging and reports.
Feedback welcome!
If you have any questions or have suggestions for making the WAF feature more useful, contact us and let’s talk!
About QuantCDN
Quant is a global static edge; a CDN & WAF combined with static web hosting. We provide solutions to help make WordPress and Drupal sites static, as well as support for all popular static site generators.
Related Posts
What is basic authentication? Explained in simple terms!
Basic authentication is a small browser popup that can show up on a web page that requires you to provide a username and password to access the web page.
Quant
October 16, 2022
Using Quant's flexible Page Rules feature
We recently added more feature updates to Page Rules. Let’s take a quick look at all the flexible rule options in the dashboard.
