How to manage Supersonic CDN Firewall

The Supersonic CDN Firewall option allows you to protect your business-critical web applications from malicious attacks, with no changes to your existing infrastructure. With a Web Application Firewall (WAF), your website will be more secure and less vulnerable to attack, because it controls incoming and outgoing traffic. Supersonic CDN contains the following options:

  • DDoS Configuration
  • IP rules
  • WAF Mode
  • API URL Configuration
  • User Agents
  • WAF & OWASP Top Threats
  • CSRF Attacks
  • IP Reputation
  • Behavioral WAF
  • Anti-Automation & Bot Protection
  • CMS Protection
  • Allow known Bots

DDoS Configuration

DDoS configuration protects your website from DDoS (Distributed Denial of Service) attacks, in which a large volume of requests is made to a web server and multiple computers flood a target site with so much network traffic that it responds very slowly or does not respond at all.

Supersonic CDN uses multiple techniques in order to appropriately detect and mitigate incoming attacks.

Domain Threshold is responsible for identifying DDoS attacks whose traffic pattern consists of a slow rise in traffic over a period of time. This mechanism has a minimum DDoS threshold of 1,500 requests per 10 seconds and a maximum threshold of 100,000 requests per 10 seconds. If the customizable threshold value is met AND the current number of requests is at least 2X the previous 10-second window, then the DDoS mode will be activated.

Burst Threshold is responsible for identifying sudden bursts in traffic. This mechanism has a minimum DDoS threshold of 1,000 requests per 2 seconds and a maximum threshold of 80,000 requests per 2 seconds. If the customizable threshold value is met AND the number of requests is at least 5X the last 2-second interval, then the DDoS mode will be activated.

Sub Second Threshold is responsible for protecting against attacks that start with a burst and provides an extra layer of protection before the first 2 mechanisms kick in. This mechanism has a minimum DDoS threshold of 50 requests per 100 milliseconds and a maximum threshold of 20,000 requests per 100 milliseconds. When the customizable threshold is met, the DDoS mode will activate only on the WAF server that the traffic went through, whereas the other mechanisms activate DDoS mode for the entire WAF Cluster.
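
The three activation rules above can be modelled to see which traffic shapes trip which mechanism. This is an added example, not Supersonic CDN's own code: the names (Mechanism, first_trigger, validate) are hypothetical, the request counts are constructed, and the handling of the very first window is an assumption.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Mechanism:
    name: str
    window_ms: int   # length of one counting window
    min_thr: int     # lowest configurable threshold (from the article)
    max_thr: int     # highest configurable threshold (from the article)
    growth: int      # required multiple of the previous window; 0 = no growth test
    scope: str       # what enters DDoS mode when the rule fires

DOMAIN = Mechanism("domain", 10_000, 1_500, 100_000, 2, "cluster")
BURST = Mechanism("burst", 2_000, 1_000, 80_000, 5, "cluster")
SUB_SECOND = Mechanism("sub-second", 100, 50, 20_000, 0, "server")

def validate(mech, threshold):
    """Reject a configured threshold outside the documented range."""
    if not mech.min_thr <= threshold <= mech.max_thr:
        raise ValueError(f"{mech.name}: {threshold} outside {mech.min_thr}-{mech.max_thr}")
    return threshold

def first_trigger(mech, threshold, counts):
    """Return the index of the first window that activates DDoS mode, or None.

    counts[i] is the number of requests seen in window i (constructed data).
    """
    validate(mech, threshold)
    for i, current in enumerate(counts):
        if current < threshold:
            continue                      # threshold not met
        if mech.growth == 0:
            return i                      # sub-second rule: threshold alone
        # Assumption: the first window has no predecessor to compare against.
        if i > 0 and current >= mech.growth * counts[i - 1]:
            return i
    return None

# Constructed per-window request counts, not real traffic.
SLOW_RISE = [900, 1_200, 1_600, 3_300, 3_400]   # 10-second windows
STEADY_BUSY = [4_000, 4_200, 4_100, 4_300]      # above threshold, not growing
SPIKE = [150, 180, 1_100, 200]                  # 2-second windows
PER_SERVER = [12, 9, 64, 10]                    # 100 ms windows on one WAF server
```

STEADY_BUSY never activates the domain rule even though every window exceeds the threshold, because the 2X growth condition is not met; a busy site therefore needs its thresholds chosen with both conditions in mind.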

IP rules

This option allows you to add one or several IP addresses to the list of Allowed or Blocked IPs. An IP address added to the Allowed IPs range will not be checked by our Firewall. When you add an IP address to the Block IPs range, it will be blocked from accessing your data.

WAF Mode

This option allows you to enable or disable WAF mode. When turned ON, the WAF is actively protecting your website.

Screenshot showing CDN WAF mode activated

API URL Configuration

If you're using an API on the same domain that is being protected by the WAF, this option lets that API through the WAF. You can put in a path and the WAF will ignore everything hitting it, without the need to create a WAF Rule. You can paste a path there if you start noticing that you are getting blocked. A high-level path can be added rather than a specific page.

User Agents

A user agent is a piece of software that acts on behalf of a user, such as a web browser. When we type something and click, the browser is acting as our “agent,” turning our actions into commands. A user agent is anything that facilitates end-user interaction with web content. Many things can be user agents; an email reader is a mail user agent, for example. Operating systems, link checkers, media players, email libraries, scripts, etc. can also be user agents.

User agents are unique to every visitor on the web. They denote the browser or application level interface that is being used to make an HTTP request. These options are useful for helping to block various bots.

NOTE: User-agent policies can block some legitimate traffic from tools like Pingdom, GT Metrix, and Google PageSpeed Insights.

The User Agents menu helps to block invalid or unknown User Agents.

WAF & OWASP Top Threats

Supersonic CDN collects a combination of threats, as well as the top security risks reported by OWASP (Open Web Application Security Project), an international non-profit organization dedicated to web application security. These are the core resources that power our WAF.

Under the WAF & OWASP Top Threats option, you can block the following types of attacks and suspected requests:

  • SQL Injection
  • XSS Attack
  • Shellshock Attack
  • Remote File Inclusion
  • WordPress
  • Apache Struts Exploit
  • Local File Inclusion
  • Common Web Application Vulnerabilities
  • Web Shell Execution Attempt
  • Response Header Injection

CSRF Attacks

Cross-Site Request Forgery (CSRF) is an attack that forces end-users to execute unwanted actions on a web application in which they're currently logged in. An attacker makes victims use their credentials to invoke a state-changing activity, for example a password or email address change, in order to gain full control over the user's account.

The CSRF option will generate a CSRF token (security credentials for login) for you to protect your website from this type of attack.

IP Reputation

This option allows you to blacklist traffic originating from well-known IP addresses. This way, you can block malicious traffic without having to inspect it first. This feature scans different sources of requests across the internet for real-time threat intelligence information like IP, source location and more. With this information, it can block or allow requests based on the latest threats on the web.

The IP Reputation has the following options:

  • Traffic via TOR Nodes
  • Traffic via Proxy Networks
  • Traffic from Hosting Services
  • Traffic via a VPN
  • Convicted Bot Traffic

Behavioral WAF

(advanced threat protection)

This menu blocks or allows traffic based on Supersonic CDN's sophisticated user behavior and reputation analysis rules. The WAF adapts to your users’ behavior and analyzes how they use your website. This option helps improve your website security, with minimal impact on the user experience.

In this menu you can manage the following options:

  • Spam Protection
  • Block Probing and Forced Browsing
  • Obfuscated Attacks and Zero-Day Mitigation
  • Repeated Violations
  • Brute-Force Protection

Anti-Automation & Bot Protection

This set of options is focused on blocking bots and other types of non-legitimate automated traffic. From here, you can manage the following variants:

  • Force Browser Validation on traffic Anomalies
  • Challenge Automated Clients
  • Challenge Headless Browsers
  • Anti-Scraping

CMS Protection

This option allows the backend functions of Content Management Systems (CMS) to function without being blocked or challenged by your Firewall (WAF).

You can whitelist admin logged-in users for the following CMSs: WordPress, MODX, Drupal, Joomla, Magento, Umbraco.

Here you have an option to Whitelist the IP address for your Origin Server as well.

Allow known Bots

These settings whitelist the known bots. If traffic comes from any of the checked bots mentioned below, it will be whitelisted automatically.


Updated
4/22/2020
