Fontys S7

Web Application Firewall

When exposing a website or service to the internet you need to expect some incoming attacks. You can protect yourself by building and using secure software, using a SOC, setting up a firewall, or using an intrusion prevention system. But there is another way to protect yourself even before the attacker or bad actor reaches your network or server. This is a web application firewall, WAF for short.

I began using a WAF when I started noticing a lot of incoming attacks on my intrusion prevention system (IPS). So I decided to take a look at where these attacks were coming from.

I noticed a lot of attacks coming from specific countries and searched for a method of blocking these countries from reaching my website. This could've been done by configuring my firewall at home, but when I came across the Cloudflare WAF and a way of blocking them even before they reached my website, I was sold.

So I blocked the countries that commonly attacked my services, and the WAF's firewall log showed them attacking almost daily and sometimes even a lot. This showed me the importance of a WAF, and it wasn't even hard to set up. It is now protecting my domain and subdomains from common web attacks, it's giving my site hotlink protection so other sites can't use my website to serve files, and it's even proxying my actual IP, giving me a sense of privacy. This way, when people look up the IP associated with my domains, they'll see Cloudflare's IP and not mine.

Blocking common attacks and countries isn't the only thing it is good for. During the Log4j drama Cloudflare jumped on it immediately and added firewall rules to all their customers to protect them against Log4j. I could see people trying to use the exploit on my domain, but they all got blocked before they reached my servers. This really showed me how powerful a WAF can be if it's configured correctly, and that it's not only good for blocking certain countries and hiding my IP.
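
The proxying described above only protects the origin if requests cannot reach the server without passing through Cloudflare. One way to check that from the origin's own access log is sketched below as an added example (not the author's code). The range list is a subset assumed from Cloudflare's published IPv4 list, the log lines are constructed, and the function names are hypothetical.

```python
import ipaddress

# Assumption: a subset of Cloudflare's published IPv4 ranges (cloudflare.com/ips).
# The list changes over time; load the current one in real use.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "141.101.64.0/18", "108.162.192.0/18",
    "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13", "198.41.128.0/17",
)]

# Constructed origin access-log lines. Assumption: the first field is the TCP
# peer address the origin saw (not a client IP restored from a proxy header),
# so behind the proxy it should always be a Cloudflare edge address.
SAMPLE_LOG = """\
172.68.10.4 - - [10/Dec/2021:09:14:02 +0000] "GET / HTTP/1.1" 200 5120
198.51.100.23 - - [10/Dec/2021:09:15:40 +0000] "GET /login HTTP/1.1" 200 2210
162.158.91.7 - - [10/Dec/2021:09:16:11 +0000] "GET /files/a.png HTTP/1.1" 200 88213
not-an-ip - - [10/Dec/2021:09:17:00 +0000] "GET / HTTP/1.1" 400 0
203.0.113.9 - - [10/Dec/2021:09:18:31 +0000] "POST /api HTTP/1.1" 403 0
"""


def via_cloudflare(peer: str) -> bool:
    """True if the peer address falls inside one of the listed proxy ranges."""
    addr = ipaddress.ip_address(peer)  # raises ValueError on malformed input
    return any(addr in net for net in CLOUDFLARE_NETS)


def direct_hits(log_text: str) -> list:
    """Return (line_no, peer) for requests that did not arrive through the proxy."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        if not line.strip():
            continue
        peer = line.split(" ", 1)[0]
        try:
            if via_cloudflare(peer):
                continue
        except ValueError:
            peer = "unparsable:" + peer  # keep malformed entries visible
        hits.append((line_no, peer))
    return hits


if __name__ == "__main__":
    for line_no, peer in direct_hits(SAMPLE_LOG):
        print(f"line {line_no}: request reached the origin directly from {peer}")
```

Any line this reports is traffic the WAF never inspected, which is the signal to restrict the origin's firewall to the proxy's ranges.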