VergeCloud’s Web Application Firewall (WAF) uses Regex rules and the Anomaly Scoring method to block malicious requests. This method recognizes threats by assigning a value to every rule and calculating a total score for each request. If the total meets or exceeds the defined WAF threshold, the request is blocked. This document outlines the settings and configuration of VergeCloud's WAF.
Firewalls, particularly Web Application Firewalls, are essential for protecting web applications from a variety of cyber threats. They act as a shield between web applications and potential attackers by monitoring, filtering, and blocking harmful traffic. Key applications of firewalls include:
In addition to XSS attacks, WAFs safeguard against other vulnerabilities, such as SQL Injection, which targets the database layer of web applications. By filtering requests and blocking those that exhibit harmful characteristics, VergeCloud's WAF helps maintain the integrity and security of web applications, ensuring that legitimate users can interact safely while preventing unauthorized access or data breaches.
Consider a scenario where an e-commerce website is experiencing a surge in malicious traffic targeting its payment page. By configuring VergeCloud's WAF, the website can automatically block these harmful requests while allowing legitimate users to complete their purchases seamlessly.
To change WAF settings, navigate to your VergeCloud user panel in the CDN section and click on WAF.
In the WAF general settings, you can configure the WAF to one of the options provided in the Web Application Firewall section:
To disable the WAF on your website:
curl --location --request PATCH 'https://napi.vergecloud.ir/cdn/4.0/domains/example.com/waf' \
--header 'authority: napi.vergecloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data-raw '{"mode":"off"}'
When set to Detection mode, the WAF logs requests but does not block any:
curl --location --request PATCH 'https://napi.vergecloud.ir/cdn/4.0/domains/example.com/waf' \
--header 'authority: napi.vergecloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data-raw '{"mode":"detect"}'
To protect your website against suspicious requests:
curl --location --request PATCH 'https://napi.vergecloud.ir/cdn/4.0/domains/example.com/waf' \
--header 'authority: napi.vergecloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data-raw '{"mode":"protect"}'
Before activating the WAF, configure settings to recognize possible threats. This helps distinguish real threats during an initial observation period.
After monitoring, access the WAF Attacks Analysis to review logs and identify any False Positives. This information allows you to deactivate unnecessary rules based on specific IDs from the logs.
To disable a specific rule via the API:
curl --location --request PATCH 'https://napi.vergecloud.ir/cdn/4.0/domains/example.com/waf/packages/default?revelio' \
--header 'authority: napi.vergecloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'cache-control: no-cache' \
--header 'content-type: application/json' \
--data-raw '{"disabled_rules":["21001","21003","21006","21009","40026","99001","21002"]}'
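As an added example (not VergeCloud's code), the sketch below models the anomaly scoring described at the top of this page, together with the effect of the detect and protect modes and of disabled_rules on a false positive. The rule IDs, patterns, scores, the threshold of 5 and the sample requests are all constructed for illustration and are not VergeCloud's rule set.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    rule_id: str
    pattern: re.Pattern
    score: int

# Constructed rules: IDs, patterns and scores are illustrative assumptions.
RULES = [
    Rule("90001", re.compile(r"(?i)<script\b"), 5),
    Rule("90002", re.compile(r"(?i)\bunion\b.+\bselect\b"), 5),
    Rule("90003", re.compile(r"(?i)\bselect\b"), 2),
    Rule("90004", re.compile(r"(?i)'\s*(?:or|and)\s+\d+\s*=\s*\d+"), 4),
]

SAMPLES = {  # constructed request parameters, already URL-decoded
    "benign": "q=running shoes",
    "false_positive": "body=In SQL, UNION lets you SELECT from two tables",
    "injection": "id=1' or 1=1 union select password from users",
}

def evaluate(request_text, mode="protect", threshold=5, disabled_rules=()):
    """Return (decision, total_score, matched_rule_ids) for one request."""
    if mode == "off":
        return "allow", 0, []
    matched = [r for r in RULES
               if r.rule_id not in disabled_rules and r.pattern.search(request_text)]
    total = sum(r.score for r in matched)
    ids = [r.rule_id for r in matched]
    if total < threshold:
        return "allow", total, ids
    # At or above the threshold: detect mode only logs, protect mode blocks.
    return ("block" if mode == "protect" else "log"), total, ids

if __name__ == "__main__":
    for disabled in ((), ("90002",)):
        for mode in ("detect", "protect"):
            for name, text in SAMPLES.items():
                print(disabled, mode, name, evaluate(text, mode, disabled_rules=disabled))
```

Disabling the constructed rule 90002 clears the false positive, while the injection sample still scores 6 from the remaining rules and stays blocked.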
Utilizing security packages allows you to apply predefined WAF settings based on your requirements. Currently, VergeCloud offers a default WAF package along with two additional standard packages: CRS and Comodo.
This package contains VergeCloud’s default WAF rules, designed to prevent various types of attacks:
This package includes general rules for identifying attacks and can be utilized in conjunction with VergeCloud’s CRM feature:
This package can be activated alongside other packages within the VergeCloud user panel and includes advanced filtering and intrusion protection rules.
In VergeCloud’s Web Firewall, you can enable or disable WAF protection for specific paths or IP ranges. To do this, navigate to the WAF section in the CDN panel and click on "Add New Rule".
To create a custom rule:
curl --location --request POST 'https://napi.vergecloud.ir/cdn/4.0/domains/example.com/waf/rules' \
--header 'authority: napi.vergecloud.ir' \
--header 'accept: application/json, text/plain, */*' \
--header 'authorization: API KEY 1 2 3 4' \
--header 'content-type: application/json' \
--data-raw '{"id":null,"url_pattern":"example.com/**","sources":["192.168.1.1/32"],"description":"Test For Docs","action":"protect"}'
Review and analyze identified attacks in the VergeCloud WAF Attacks Analytics. Here, you can view detailed attack logs to adjust your rules according to your website's expected behavior.
Each attack log contains the following information: