Carrier based WAF 2.0

Two years ago at the CeBIT conference, Serverius launched the first version of their DDoS Protection software. After this, lots of new features were added on a weekly basis, which made it the most advanced and flexible DDoS protection service currently on the market. And yes, we’re proud! More and more users use it to protect their own IP space, not only to keep their uplinks clean, but even more to keep their applications online. Our basic principle is to let our users create their own IP security layer and then let our flow-analyzing software tweak it automatically afterwards, which works out very well. The interaction with Flowspec rules, botnet blocking and advanced traffic insights has made it a real part of the users’ own infrastructure.

We are one of the 3 largest DDoS scrubbing companies in Europe. One competitor told us 2 years ago that our service was “way too complicated for users”, and that it would not be used by large clients. We have seen exactly the opposite. The same guy told me the opposite today, saying that “Serverius is currently the only annoying kid in the class that the big guys should worry about”. Quite a nice compliment.

In the beginning there were some bugs and weaknesses in our service, and in the early days our system went down after some large attacks. Even today there is a lot to add and to improve. But after fixing all known problems and adding a lot of cool features, our service became one of the best DDoS protection services in Europe, protecting against more than a few thousand attacks a month. It shows the product is doing more than well.

As we added more and more to our IP Protection Cloud, more and more users asked us to add application-based protection technologies like IP reputation blocking, load balancing, WAF etc. Because our current IP cleaning services are based on traffic flows, and the layer 7 DDoS protection runs mostly within commercial hardware devices, we needed a new platform to inspect real application data traffic. We looked at the known commercial suppliers, but unfortunately no hardware vendor could offer us any of this. No one could handle even 30Gbps of real-time application scrubbing… One of the suppliers even told us: “if you really need scrubbing above this volume, you have a serious problem”. So there was only one solution: we needed to build our own.

To begin, we built a flexible and ultra-fast processing cluster that will be the technical infrastructure layer of all upcoming services. Because we do not know how much processing power we will need in the future, we created a hardware cluster that is able to scale up when the load requires it. For example, when extra performance is needed, new hardware will automatically be powered on, installed, configured and added to the cluster, all in just minutes. This way hundreds of servers can simply be added, which will give us an unlimited amount of processing power to handle 100Gbps of data traffic with ease.

Because of the large number of client requests, we started by adding a Web Application Firewall. This week we launched the first beta version. It’s a start, and experienced users will see some technical limitations. But just as we did with our DDoS protection, it’s a base platform to which we add extra functionality on a weekly basis. So there is much more to come! We expect that before the end of this year it will already be a full-featured WAF service that offers more functionality than some competitors, with outstanding performance, configurable by API, with full-featured logging exports, and working together with other IP Protection Cloud tooling like the DDoS Protection. Currently the available functionality is a bit limited, but it is still the base of any WAF you will find on the internet:

 

  • Rule-based web application firewalling. Users can choose to add pre-configured application rules and create their own personalized rules
  • Importing your own external WAF rules by URL
  • SSL/TLS traffic filtering
  • SSL/TLS offloading
  • Event logging
  • Log metrics and statistics


The WAF module dashboard overview.

You can use all kinds of existing WAF rules: WordPress, OWASP, XSS, Node validator, remote command execution, remote file inclusion, PHP code injection, SQL injection and cross-site scripting.


You can also create your own rules.

Currently this can only be done through the web interface. Later on it will also be possible through the (REST) API.

Pay as you use

For now the WAF is offered as a beta service to all existing DDoS Protection Cloud users. This way people can use it as-is at least until December and give us feedback to improve the service. Later on it will be offered in a default free version, where heavy users will need to pay per page request. That means normal users with a few thousand website visitors can use it through the web interface for free, while larger ones with full API access and unlimited host creation will need to pay per page request. Pricing will be determined at the end of this year; for now everyone can just use it for free.

Send us your wish list!

As you can see, we have made a first start on something really cool. In the upcoming months new things will be added to meet our users’ needs. If there is anything you would like us to add, please let us know by sending an email to waf@serverius.net. Our team will be happy to listen and add your request to the next to-do list!