Web Application Firewall
OWASP Top 10 Core Rule Set support that protects your web application and stops attacks.
The Web Application Firewall's OWASP Top 10 Core Rule Set (CRS) is a set of generic attack detection rules developed by owasp.org. Qbine's WAF-as-a-Service functionality covers many common attack categories, including SQL Injection (SQLi), Cross-Site Scripting (XSS), Local File Inclusion (LFI), Remote File Inclusion (RFI), Remote Code Execution (RCE) and PHP Code Injection.
Qbine’s Web Application Firewall
Qbine is one of the most advanced security and optimization products in existence – and what is a security product without a web application firewall? Let’s start by explaining what a web application firewall is, what it does, and which features it offers.
What is a Web Application Firewall?
A web application firewall (hereafter referred to as WAF) is a software program that monitors and filters HTTP traffic between a server and its users. HTTP stands for Hypertext Transfer Protocol, the communication protocol of the world wide web. Every request you make to a website uses this protocol.
Normally, a web user’s request travels directly from their device to your backend and back. To let Qbine monitor and filter the HTTP request, you redirect the traffic to Qbine before it reaches your backend/servers. This is done by changing the A-record of your domain in the Domain Name System (DNS): the record then points browsers to Qbine’s IP address instead of yours. From that moment on, Qbine intercepts the traffic and starts to monitor and filter it. Inside Qbine you configure the IP addresses of your backend, so Qbine knows where to forward the request after all the tests have passed.
The web application firewall tests consist of rules that identify malicious requests. When a rule matches, the WAF performs the rule’s action: it can block the request, or it can ask the user for validation with the captcha function.
How does the Qbine Web Application Firewall work?
Before we go any further into Qbine’s WAF, it is important to know more about HTTPS traffic and SSL offloading. HTTPS is the secured version of HTTP, where the additional S stands for ‘secure’. To fully understand what happens inside Qbine, you must also know how SSL offloading works.
For example, when you submit a contact form online, the form and its data are sent as a request to the website’s server. Qbine is a reverse proxy, and it works as a reverse proxy precisely because of SSL offloading: it allows Qbine to look inside the request. Qbine generates an SSL certificate the moment your website is validated and the first request passes through it. The SSL certificate is used to encrypt the connection, so that no one else can see what is inside a request between your customers and your backend.
Qbine can see inside the request via SSL offloading. Every secure request is encrypted, and if you have generated the SSL certificate (and therefore hold its private key), you can also decrypt it. Once Qbine has decrypted the request inside the proxy, the WAF tries to match every rule you have turned on against the decrypted request. If there is a match, the accompanying action of the rule is performed. When there is no match, the request is considered valid and is encrypted again before being forwarded to your backend.
The Rules from the Web Application Firewall
Qbine’s WAF uses the OWASP Top 10 Core Rule Set, and additional rules and rule groups have been created on top of it. You are in control of all the rules: each can be turned on and off as you please.
Every blocked request, together with the reason it was blocked, can be found in the logs. If the block was caused by a rule, you can disable that rule for the current website. This lets you fine-tune your protection and decide which rules do not apply to your website. Custom rules can also be created.
There is a rule group created specifically for WordPress users. Next to all the rule groups that protect your website, this rule group covers all the vulnerabilities known from WordPress.
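As an added illustration (not Qbine’s own code), the following Python sketch models the matching flow described in the SSL offloading section and the per-website tuning described above: rules belong to rule groups, a site enables groups and can disable individual rules, each enabled rule is matched against the decrypted request, and the resulting action and its reason are written to a log. The rule ids, patterns, request fields and site configuration are constructed for this example and do not reflect Qbine’s real rule set.

```python
import re
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Rule:
    rule_id: str      # constructed id, e.g. "crs-lfi-1"
    group: str        # rule group, e.g. "owasp-crs" or "wordpress"
    pattern: str      # regex applied to the plaintext request fields
    action: str       # "block" or "captcha", as described on the page
    description: str  # reason recorded in the log


# Constructed sample rules: a minimal stand-in for the CRS and WordPress groups.
RULES = [
    Rule("crs-lfi-1", "owasp-crs", r"\.\./", "block", "path traversal (LFI)"),
    Rule("crs-xss-1", "owasp-crs", r"(?i)<script\b", "block", "script tag in input (XSS)"),
    Rule("wp-login-1", "wordpress", r"^/wp-login\.php$", "captcha", "WordPress login endpoint"),
]


@dataclass
class SiteConfig:
    host: str
    enabled_groups: set            # rule groups turned on for this website
    disabled_rules: set = field(default_factory=set)  # rules switched off per website


def inspect(request: dict, site: SiteConfig, log: list) -> str:
    """Return 'forward', 'block' or 'captcha' for one decrypted request.

    `request` holds the plaintext fields available after SSL offloading:
    'method', 'path', and optionally 'query' and 'body'.
    """
    targets = {
        "path": request["path"],
        "query": request.get("query", ""),
        "body": request.get("body", ""),
    }
    for rule in RULES:
        # Only rules in an enabled group, and not disabled for this site, are tested.
        if rule.group not in site.enabled_groups or rule.rule_id in site.disabled_rules:
            continue
        for where, value in targets.items():
            if re.search(rule.pattern, value):
                # Log the decision and the reason, as the page says the logs do.
                log.append(f"{site.host} {request['method']} {request['path']} -> "
                           f"{rule.action} by {rule.rule_id} ({rule.description}) in {where}")
                return rule.action
    # No rule matched: the request is considered valid and is forwarded to the backend.
    return "forward"
```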