[WAF] About Cloudflare WAF functions [Security]
This is Ohara from the technical sales department.
This article summarizes
Cloudflare (Information as of June 2022)
Cloudflare WAF overview
Cloudflare WAF (Web Application Firewall) is an advanced application security platform that keeps applications secure and productive, stops DDoS attacks, keeps bots at bay, detects anomalies and malicious payloads, and monitors for browser supply chain attacks.
Cloudflare's powerful application security capabilities are integrated with its other leading application performance products and, like the underlying Cloudflare CDN, are delivered from a global cloud platform that spans the world.
Key features of Cloudflare WAF
Cloudflare WAF is powered by a global edge network spanning 250+ cities in 100+ countries with instant, unlimited scaling.
Security features | Main features |
Layered protection from multiple WAF rulesets: prevent malicious payloads in request components with multiple rulesets. | ・Rules managed by Cloudflare ・Third-party rulesets (OWASP Top 10) ・Custom rulesets to stop attacks |
WAF ML (machine learning based detection) | WAF custom rules leverage ML-generated attack scores to stop bypasses, attack variations, and anomalies. |
Updated rules for zero-day protection | Rules are continually updated by the Cloudflare security team to protect against new attacks and zero-day vulnerabilities before patches and updates become available. |
Platform-specific rulesets for major CMS and e-commerce platforms | Protect platforms such as WordPress, Joomla, Drupal, Magento, and IIS at no additional charge. |
Custom rule configuration | When deploying a rule or ruleset, choose from BLOCK / LOG / CHALLENGE / CAPTCHA / RATE LIMIT and other options. |
Advanced rate limiting | Rate limit individual IP addresses or block abuse, DDoS, and brute force attacks that target your applications and APIs by header, ASN, or country. |
IP reputation database | Block connections from malicious IP addresses using real-time intelligence of over 1 billion unique IP addresses. |
Data loss prevention | Block responses that contain personally identifiable information or sensitive data such as financial information, credit card numbers, API keys, and other secrets. |
Exposed Credential Checking | Detects brute force attacks with stolen credentials before end user accounts are compromised. |
SSL/TLS | Completely mitigate and configure SSL traffic for your applications. |
Fewer false positives | Rules tested with high volumes of traffic to minimize false positives. |
gRPC and WebSocket support | Proxy and secure gRPC and WebSocket endpoint traffic. |
Customizable block page | Customize block pages to suit your site visitors. |
Summary
Cloudflare WAF is integrated with Cloudflare CDN itself, so the default WAF functionality can be enabled with a single click from the console. The Cloudflare WAF features listed above are only examples; Cloudflare's Enterprise plan offers even more flexible and customizable features.
Beyond also provides construction, operation, and maintenance services for Cloudflare CDN and WAF. Please feel free to contact us when implementing Cloudflare.