Why do you need a Web Application Firewall?
A recent study suggests that a hacking attack occurs every 39 seconds over the internet. WIth more than 40% of these attacks targeting small and medium sized businesses. Hackers and other malicious actors are always looking out for vulnerabilities that can be exploited in a website.
Your company’s website may be vulnerable due to small oversights suchs as skipping sanitization and verifications of input fields, or the presence of vulnerable forms. This would allow hackers to run scripts, database queries or even insert malicious files into the system.
Alternatively, you may be using a CMS( WordPress, Drupal etc) to help run and create your website; using plugins and themes to add extra functionality. WordPress currently powers over 35% of the internet. This makes WordPress a very lucrative target for malicious actors. These attackers actively seek to exploit vulnerabilities in the plugins and themes provided by WordPress. Leading to the possible exploitation of any website using those plugins.
These vulnerabilities can lead to unauthorized access to your website or a leak of sensitive information. To protect your site from these types of attacks we recommend using a Wireless Application Firewall.
What does a Web Application Firewall (WAF) Do ?
The OWASP provides a broad technical definition for a WAF as “a security solution on the web application level which – from a technical point of view – does not depend on the application itself.”
A WAF keeps a track of the HTTP traffic that comes to your website/web application. It monitors all requests coming to your web application/website. If the WAF feels that the incoming requests are suspicious ie. if the incoming request can harm your website (eg. the request may contain some code that can make some changes to your database), the WAF blocks those requests and protects your website from unwanted attacks. A WAF filters and blocks suspicious or unwanted HTTP traffic to and from a web application.
How the miniOrange Web Application Firewall(WAF) Works
Our firewall works by keeping a list of blacklisted IP addresses. An IP address can be explicitly blacklisted by an admin. Or it can be blocked if our WAF detects that the IP address may be involved in initiating attacks against your website. Whenever a request comes that IP address is checked in whitelisted IPs (Only admin can whitelist IPs). If the IP is not whitelisted then It checks in blacklisted IPs. If the IP is blacklisted then IP won’t be able to access the site content. If the IP is not blacklisted then it’s requests go through a filter where it scans for scripts, database queries and malicious files. If it matches any of them, that IP gets blocked. After a number of attacks(when attack limit exceeds) we catch that IP into the blacklist.
The WAF protects your site from various cyber attacks.
It keeps monitoring traffic coming to your site. From this traffic only legitimate requests are allowed to access your site.
How the miniOrange WAF Protects your WordPress Website?
PROTECTION AGAINST OWASP TOP 10
Owasp Top 10 are critical issues and risks to and web-application. These are pointed but non-profit organization Open Web Application Security Project(Owasp) which works on improving security. It includes many popular attacks like SQL Injection, Cross-site Scripting, XML External Entities, Security misconfiguration and others. miniOrange WAF adds a layer on top of the application and protects against these attacks and prevents any misuse of vulnerability.
RATE VOLUME LIMITING
Rate limiting is a feature which protects your site from Denial of Service(DoS) attacks. DoS attackers send a large amount of requests in a very short period of time. Causing the server to fail while processing these requests. Resulting in your site going down.
In the miniOrange Plugin, by default the rate limit is set to 240 requests per minute for each IP. In cases where an IP’s requests in a minute goes higher than 240 requests in a minute then that IP gets blocked. We provide you with the option to either Throttle the IP, which will cause it’s requests to be blocked for a short period of time; or we offer an option to Block the IP, rendering it permanently blocked from accessing your website.
While bots with good intentions cannot be ignored, there are also bots with malicious intent. Used multiple purposes ranging from attacking sites to web Scraping. With miniorange you can detect bots with malicious intent and stop them from accessing or effecting your site in any way.
Live Monitoring and Auditing
Tracking activity all the requests realtime can help you check activities on your sites on important events. miniOrange also provides an analysis of all the requests so that it is easier for customers to know more about the traffic on the website and plan actions based on that.
The miniOrange Website Security Plugin
It is simple and easy to set up a plugin to secure your website. You can directly install the plugin from the WordPress marketplace and activate WAF. Any Request coming to WordPress is first captured by the miniOrange WAF and is analyzed and monitored before it can be executed.
Through the plugin the request is scanned on the server where WordPress is installed. The miniOrange Firewall is initiated before WordPress is initiated which means every request reaching the website will first be scanned by miniOrange Firewall and then passed to WordPress. So any genuine request is passed to the WordPress and a malicious request is stopped from moving forward. This WordPress is safe and secure.
miniOrange Website Security On-premise Solution
When you use a Firewall plugin on WordPress the request reaches the server after which it is scanned and then the action is taken. While this is good for a new website or any website with low traffic but is never enough medium to large scale website with a lot of traffic.
In this solution, WAF and your website will be on two different servers. The frontend server will be your WAF will accept all the requests and pass the only genuine request to the backend server where your site is hosted. Here no one but only frontend servers are aware of the Backend server address. So any malicious request is stopped on frontend server and the attacker will never know about the backend server with the actual website.
Advantages of an On Premise Web Application Firewall(WAF)
- Easy to use.
- No setup required.
miniOrange Website Security WAF Cloud Solution
This solution works exactly as the On-Premise solution with the only difference being the front end server which will be a miniOrange server where all the requests would arrive and miniOrange will forward the genuine request to the corresponding website server. You will configure your website where the request will be sent from miniOrange Cloud WAF. With multiple servers across the globe the request will pass from the nearest server making it fast and efficient.
Advantages of a Cloud based Web Application Firewall
- Any malicious request blocked for one customer can be updated to customers across the cloud network.
- Easy to set up and configure.
- Protects the application server from outside attacks
If you still have any queries or are curious about how miniOrange can protect your website. Please feel free to reach out to us through https://security.miniorange.com/contact/.