WAF Features
The Prophaze Cloud WAF identifies and removes suspicious activity in HTTP GET and POST requests. Secure your web application without changing your existing infrastructure or sacrificing performance.
WAF Protection receives about million requests every second, and the WAF constantly recognizes and blocks new possible threats. WAF’s rule sets result in latency of less than 1 millisecond. It offers security control for websites, applications, and APIs hosted on multiple cloud environments. Protection’s network shields internet assets across all cloud providers.
Key features
- Use WAF rule sets to protect applications
- Create your own firewall rules
- Visualize threats with firewall analytics
- Machine learning-based behavioural detection
WAF contains 3 packages:
- Product Managed Ruleset
- Package: OWASP ModSecurity Core Rule Set
- Customer Requested Rules
- ML Based Autogenerating rulesets
Other points:
- The WAF introduces a limited amount of latency (approximately 100 microseconds).
- WAF changes take about 30 seconds to update globally.
- Uses proprietary rules to filter traffic.
- Established Websockets do not trigger the WAF for subsequent requests.
- The WAF parses JSON responses to identify vulnerabilities targeted at APIs. The WAF limits JSON payload parsing to 128KB.
WAF false positives and false negatives
By default, the Web Application Firewall (WAF) is fully managed via the dashboard and is compatible with most websites and web applications. However, given the sheer size and variety of the Internet, false positives and false negatives are possible:
- False positives: Legitimate requests detected and filtered as malicious.
- False negatives: Malicious requests not filtered.
Product Managed Ruleset
The Product Managed Ruleset contains security rules written and curated by the company that owns the product. Click on a ruleset name under Group to reveal the rule descriptions. The Specials group provides core WAF security against common attacks. Additionally, only enable rule groups that correspond to your technology stack. For example, if you use WordPress, enable the WordPress group.
When viewing a ruleset, the default action for each rule is listed under Default mode. The modes available for individual rules within a specific Product Managed Ruleset are:
- Default – takes the default action listed under Default mode when viewing a specific rule.
- Disable – turns off the specific rule within the group.
- Block – the request is discarded.
- Challenge – the visitor receives a CAPTCHA challenge page.
- Simulate – the request is allowed through but is logged in the Activity log.
The WAF change log allows customers to monitor ongoing changes to the Product Managed Ruleset.
OWASP package
The OWASP ModSecurity Core Rule Set assigns a score to each request based on how many OWASP rules trigger. Some OWASP rules have a higher sensitivity score than others. After OWASP evaluates a request, it compares the final score to the Sensitivity configured for the domain. If the score exceeds the Sensitivity, the request is actioned based on the Action configured within Package: OWASP ModSecurity Core Rule Set:
- Block – the request is discarded.
- Challenge – the visitor receives a CAPTCHA challenge page.
- Simulate – the request is allowed through but is logged in the Activity log.
The sensitivity score required to trigger the WAF for a specific Sensitivity is as follows:
- Low – 60 and higher
- Medium – 40 and higher
- High – 25 and higher
For Ajax requests, the following scores are applied instead:
- Low – 120 and higher
- Medium – 80 and higher
- High – 65 and higher
Review the Activity log to see the final score as well as the individual triggered rules.
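The threshold comparison described above, replayed over Simulate-mode entries to compare sensitivities before switching the Action to Block. This is an added example, not Prophaze code; the log field names, the per-rule scores, the analyst-assigned `legit` label and the summing of rule scores into the final score are assumptions.

```python
# Thresholds from the page: a final score of "N and higher" triggers the Action.
THRESHOLDS = {
    False: {"low": 60, "medium": 40, "high": 25},    # regular requests
    True:  {"low": 120, "medium": 80, "high": 65},   # Ajax requests
}

# Constructed Simulate-mode entries. Field names and per-rule scores are
# assumptions, not the product's Activity log format. "legit" is the label
# an analyst assigned after reviewing the request.
SAMPLE_LOG = [
    {"id": "r1", "ajax": False, "legit": True,  "rules": {"rule-a": 15, "rule-b": 12}},
    {"id": "r2", "ajax": False, "legit": False, "rules": {"rule-c": 35, "rule-d": 30}},
    {"id": "r3", "ajax": True,  "legit": True,  "rules": {"rule-a": 15, "rule-e": 55}},
    {"id": "r4", "ajax": True,  "legit": False, "rules": {"rule-c": 35, "rule-f": 50}},
    {"id": "r5", "ajax": False, "legit": False, "rules": {"rule-g": 20}},
]

def final_score(entry):
    """Sum the scores of every rule the request triggered (assumed model)."""
    return sum(entry["rules"].values())

def triggers(entry, sensitivity):
    """True if the final score reaches the threshold for this sensitivity."""
    return final_score(entry) >= THRESHOLDS[entry["ajax"]][sensitivity]

def replay(log):
    """For each sensitivity, list the false positives and false negatives."""
    report = {}
    for sensitivity in ("low", "medium", "high"):
        fp = [e["id"] for e in log if e["legit"] and triggers(e, sensitivity)]
        fn = [e["id"] for e in log if not e["legit"] and not triggers(e, sensitivity)]
        report[sensitivity] = {"false_positives": fp, "false_negatives": fn}
    return report

if __name__ == "__main__":
    for sensitivity, result in replay(SAMPLE_LOG).items():
        print(sensitivity, result)
```

On this sample, High catches the Ajax request that Low misses but also actions two legitimate requests, which is the trade-off to settle in Simulate mode.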
Security
Key features | Benefit |
---|---|
Deep Packet Inspection, covering applications / Layer 7 | Ensures your standard and custom web applications are always protected from SQL injection, cross-site scripting attacks and thousands more |
SSL | Terminate SSL connections without any overhead or additional latency. Apply your WAF policy to SSL encrypted traffic without having to upload certificates or invest in costly hardware solutions |
For GET and POST HTTP/S requests | Covers a range of HTTP/S traffic |
URL-specific custom rule sets | Allows you to include or exclude specific URLs or subdomains for WAF protection, for example to test domains |
DDoS mitigation integration | Allows full-stack protection against DDoS — no extra implementation required |
IP reputation database integration | Real-time intelligence on over 1 billion unique IPs used to block malicious traffic — no extra implementation required |
Virtual patching | Fixes a vulnerability before you patch your server or update your code, allowing you more time to patch and test updates. |
Restrict by IP or geolocation | Can blacklist/whitelist traffic from specific IP addresses or countries to protect against hackers from specific IPs or countries |
Low false positive rate | Overall 1/50M false positive rate ensures legitimate traffic reaches you |
Full integration with CDN service, offering outbound content transformation | Reduces web latency for your site visitors — no extra implementation required |
Administration
Key features | Benefit |
---|---|
High availability — built on service offering SLAs | Business and Enterprise customers enjoy a 100% uptime guarantee and financial penalties if not met |
No hardware, software or tuning required | Sign up with a simple change in DNS |
PCI certification | The service has received Level 1 service provider certification |
Reporting
Key features | Benefit |
---|---|
Real-time logging | Gain visibility to help you fine-tune the WAF |
Access to raw log files | Enterprise customers can conduct in-depth analysis covering all WAF requests |
WAF Settings
Key features | Benefit |
---|---|
Block | Blocking an attack will stop any action before it is posted to your website. |
Simulate | To test for false positives, set the WAF to Simulate mode, which will record the response to possible attacks without challenging or blocking. |
Challenge | A challenge page asks visitors to submit a CAPTCHA to continue to your website. |
Threshold / sensitivity setting | Set rules to trigger more or less depending on sensitivity |
Customizable block pages | Customize the page a visitor sees when they’re blocked, e.g. “Call this telephone number for help.” Available for Enterprise customers. |
RuleSets
Key features | Benefit |
---|---|
Automatic learning paired with security-driven research | Protects against zero-day vulnerabilities or new threats with patches automatically deployed by our security team |
Compatibility with ModSecurity logic and format | Allows you to easily import existing rule sets to maintain existing protection |
Core OWASP ModSecurity rule sets | Protects against OWASP vulnerabilities, the most critical flaws as identified by The Open Web Application Security Project (OWASP) — included as default with no extra fees |
Zero-day rule sets | Rely on our security team to protect you against threats identified across our customer base — included as default with no extra fees |
Platform-specific rule sets for major CMS and eCommerce platforms | Receive protection out of the box with no extra fees for platforms such as WordPress, Joomla, Plone, Drupal, Magento, IIS, etc. |
Custom rules | Cover situations unique to your web application; included as default with no extra fees for Business and Enterprise customers |