Web Application Firewall
Web Application Firewall (WAF) is a security feature integrated with CDN designed to protect users' web applications from cyber threats and attacks, thus facilitating improved application performance.
WAF serves as a fully managed Access Control List (ACL) that offers predefined rule sets, which you can use to quickly implement security controls against known vulnerabilities without having to define rules manually.
By default, the WAF is set to OFF state. WAF can be enabled on a per-routing-rule level for your CDN distribution. It ensures that the origin servers behind your domain are protected based on the attack detection rules defined by OWASP® CRS. You can set WAF to an ON state via the DCD or API; enabling WAF incurs an additional cost.
In IONOS CDN, the current maximum request body size that is analyzed is ~15 MB, and the WAF analyzes only a Content-Type that is handled by the OWASP® CRS. When the WAF is unavailable or cannot process the request, the CDN continues to process the request instead of canceling it.
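As an added example (not part of the IONOS documentation or product code): because the WAF analyzes only bodies up to ~15 MB with a CRS-handled Content-Type, and the CDN keeps processing requests the WAF could not inspect, the origin can enforce the same bounds itself. The 15 MiB constant, the content-type set, and the names `check_request` and `WafGapGuard` are assumptions for illustration.

```python
from http import HTTPStatus

ANALYZED_BODY_LIMIT = 15 * 1024 * 1024  # assumption: "~15 MB" taken as 15 MiB
# Assumption: the content types this application accepts; keep the set within
# the types your CRS rule set actually parses.
INSPECTED_TYPES = {
    "application/x-www-form-urlencoded",
    "multipart/form-data",
    "application/json",
    "application/xml",
    "text/xml",
}
BODY_METHODS = {"POST", "PUT", "PATCH"}

def check_request(method, content_type, content_length):
    """Return (status, reason); 200 means the request may reach the application."""
    raw = (content_length or "").strip()
    if not raw:
        # No declared length: refuse undeclared (e.g. chunked) bodies on body methods.
        if method.upper() in BODY_METHODS:
            return 411, "Content-Length required"
        return 200, "no body"
    if not (raw.isascii() and raw.isdigit()):
        return 400, "invalid Content-Length"
    length = int(raw)
    if length == 0:
        return 200, "empty body"
    if length > ANALYZED_BODY_LIMIT:
        return 413, "body exceeds the size the WAF analyzes"
    media_type = (content_type or "").split(";", 1)[0].strip().lower()
    if media_type not in INSPECTED_TYPES:
        return 415, "content type outside the analyzed set"
    return 200, "ok"

class WafGapGuard:
    """WSGI middleware: applies check_request even if the WAF was skipped."""
    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        status, reason = check_request(environ.get("REQUEST_METHOD", "GET"),
                                       environ.get("CONTENT_TYPE"),
                                       environ.get("CONTENT_LENGTH"))
        if status == 200:
            return self.app(environ, start_response)
        start_response(f"{status} {HTTPStatus(status).phrase}",
                       [("Content-Type", "text/plain; charset=utf-8")])
        return [reason.encode("utf-8")]
```

Wrap the origin's WSGI application as `WafGapGuard(app)` so the checks run whether or not the WAF inspected the request.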
Features
Threat Detection and Mitigation: With WAF, CDN is secured from SQL injection attacks; WAF identifies and mitigates XSS attacks that aim to inject malicious scripts into web pages viewed by other users.
Predefined Rules: With fully managed rule sets readily available, you can quickly implement best practices and protect web applications against vulnerabilities without having to manually define rules.
Rate Limiting: With WAF, you can control the number of requests a user can make on a particular IP address. For more information, see Rate Limit Class.
Benefits
Enhanced Performance: WAF built within CDN blocks malicious traffic and reduces the load on the origin server, improving overall application performance and availability.
Higher Security: WAF protects websites against various web attacks so that they remain secure and operational. With predefined rule sets, DDoS Layer 7, and geo-blocking, content transmission within the CDN network is highly secure.
Scalability: A highly scalable WAF that provides global threat intelligence and protection, ensuring security scales alongside the application traffic.