I’ve been reading about WAFs as I’m trying to nail down a security option that I feel good about. I read about cloud WAFs such as Cloudflare, Sucuri, StackPath etc… and it seems they are pretty easily bypassed, thus making them pretty pointless to begin with. It seems the best security is to have it right on the doorstep (the endpoint/origin server).
Any input/suggestions on this? I think it’s an important topic that definitely gets overlooked.
Cloud WAFs are great against bots, because they have access to loads of data to help them determine what is a “bad actor”. This is more of a bonus service than a must.
Then you’ve got your firewalls that sit right in front of your server. This is an absolute necessity as it stops sniffers and brute-forcers from attacking your server. These are normally provided by your hosting provider. However, these types of firewalls are standalone and aren’t good at detecting bot attacks; they just lock down particular ports.
Thanks. That makes sense. I just wasn’t sure if having the bot-detection-style firewall would be better at the server level instead of DNS. I think, armed with that information, I feel good about the security solution for our site at this time. That’s been a good help.
On another note, you said you tried the Cloudways CDN setup and had issues with SSL. I’m on Full SSL with Let’s Encrypt on both sides and there have not been any issues. I’ve done a little pentesting as well and all seems good. So far, it has been the fastest CDN I’ve tried and the least amount of effort as well. I think if I didn’t use their built-in WAF then I would go with KeyCDN as I’ve read some really great things about them as well. Just thought I would throw that out there since you tried Cloudflare.