Setting up a Website Firewall

Add a web application firewall to block common attacks on your website.

Mike from Iceberg
Jun 16, 2026

What a WAF does

A Web Application Firewall (WAF) inspects the web traffic coming to your site and blocks malicious requests before they reach the application. It works from a rule set that recognizes common attack patterns - for example the OWASP Core Rule Set, an open-source baseline that screens for the attack types in the OWASP Top 10, such as SQL injection and cross-site scripting.

Why your site needs one

A public website is probed constantly by automated tools looking for those same weaknesses. Without a firewall in front of it, your site is more open to attacks that can expose customer data, deface pages, or take the site offline. A WAF screens that traffic around the clock and stops the obvious attacks before they land, buying time even when the underlying application has a flaw.

How to fix it

  1. Enable a WAF. Many run through your CDN or host - Cloudflare, for example, can be added with a DNS change and no server work.
  2. Turn on the managed rule set. Enable the provider's managed or OWASP Core Rule Set so the most common attack patterns are covered out of the box.
  3. Tune for false positives. OWASP notes the Core Rule Set may need adjustment; review what it blocks early on so legitimate traffic isn't caught.

How to confirm it's fixed

Check the firewall's activity log - it should show requests being inspected and malicious ones blocked. A periodic look at that log confirms the WAF is active and flags anything unusual. Ask your IT provider whether a firewall is active on your site today, and which rule set it's running.
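As an added example (not part of the original article or any provider's tooling), the log review described above and the false-positive check from step 3 can be scripted against an exported activity log. The JSON field names, rule names and sample entries below are constructed assumptions; map them to whatever your WAF's log export actually contains.

```python
import json
from collections import Counter, defaultdict

# Constructed sample export, one JSON object per line. Field names and
# rule names are assumptions, not any provider's real log schema.
SAMPLE_LOG = """\
{"client": "203.0.113.7", "path": "/login", "rule": null, "action": "allow"}
{"client": "203.0.113.7", "path": "/checkout", "rule": "sample-rule-B", "action": "block"}
{"client": "198.51.100.4", "path": "/", "rule": null, "action": "allow"}
{"client": "198.51.100.4", "path": "/checkout", "rule": "sample-rule-B", "action": "block"}
{"client": "192.0.2.66", "path": "/search", "rule": "sample-rule-A", "action": "block"}
{"client": "192.0.2.66", "path": "/search", "rule": "sample-rule-A", "action": "block"}
{"client": "192.0.2.66", "path": "/admin", "rule": "sample-rule-A", "action": "block"}
{"client": "203.0.113.9", "path": "/products", "rule": null, "action": "allow"}
"""

def review(log_text, min_clients=2):
    """Summarise a WAF log and list (rule, path) pairs worth a tuning review."""
    inspected = 0
    blocked_by_rule = Counter()
    allowed_clients = set()
    blocked_clients = defaultdict(set)  # (rule, path) -> clients blocked there
    for line in log_text.splitlines():
        if not line.strip():
            continue
        entry = json.loads(line)
        inspected += 1
        if entry["action"] == "block":
            blocked_by_rule[entry["rule"]] += 1
            blocked_clients[(entry["rule"], entry["path"])].add(entry["client"])
        else:
            allowed_clients.add(entry["client"])
    # Heuristic (an assumption of this example): a rule that blocks several
    # clients who otherwise browse normally, all on one path, may be catching
    # legitimate traffic and should be reviewed before it is left enforcing.
    candidates = sorted(
        key for key, clients in blocked_clients.items()
        if len(clients & allowed_clients) >= min_clients
    )
    return {
        "inspected": inspected,                    # 0 means the WAF saw no traffic
        "blocked": sum(blocked_by_rule.values()),  # 0 may mean log-only mode
        "by_rule": dict(blocked_by_rule),
        "tuning_candidates": candidates,
    }

if __name__ == "__main__":
    print(json.dumps(review(SAMPLE_LOG), indent=2))
```

On the sample data, the rule that only ever blocks one client with no allowed requests is left alone, while the rule blocking two otherwise normal visitors on /checkout is listed for review.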
