ANS Documentation

Improve This Doc
  • Cloud
  • Domains and DNS management
  • Backup and High Availability
  • eCommerce Stacks
  • Security
    • DDoSX®
    • Web Application Firewall
      • What is a Web Application Firewall?
      • What kind of attacks does a WAF prevent?
      • Getting started with a Web Application Firewall (hardware-based)
      • Managing a Web Application Firewall in-life (hardware-based)
      • Troubleshooting (hardware-based WAFs)
    • Threat Monitoring and Threat Response
    • McAfee Antivirus
    • Vulnerability Scans
    • Keeping Magento secure
    • Keeping WordPress secure
    • Brute Force Attacks
    • CryptoLocker
    • Dirty COW
    • The Logjam attack
    • Meltdown and Spectre
    • Memcached security concerns and reflection/amplification DDoS attacks
    • Wana Decryptor / Wana Decrypt0r 2.0 / WannaCry
    • Log4J Vulnerability
    • Polkit Security Vulnerability CVE-2021-4034
    • CVE-2022-0847 - Dirty Pipe Vulnerability
  • Email
  • Monitoring and usage management
  • Networking
  • Operating systems
  • Webcelerator
  • MyUKFast
  • Home >
  • Security >
  • Web Application Firewall >
  • Getting started with a Web Application Firewall (hardware-based)

Getting started with a Web Application Firewall (hardware-based)¶

This page relates to hardware-based WAFs only. Please see here for guidance on getting started with WAF on DDoSX.

If you would like to implement a hardware-based WAF then it’s important to understand the phases you will need to go through. UKFast will work with you at each stage.

Planning phase¶

During the planning phase you will define the web applications you wish to protect, and identify all the domains associated with these applications. (A WAF operates on a “per domain” basis).

You will need to provide UKFast with:

  • The domains hosting the web applications you wish to protect

  • The internal IPs of the servers the web applications are hosted on

Our WAF analysts will work with you to understand what is considered “normal” traffic to your applications. It’s important to ensure a common understanding of exactly how your applications operate before moving forwards. We will also identify points of potential access or attack.

Learning phase¶

UKFast will build and implement the WAF based on the ruleset agreed in the planning phase. At this stage, you will need to point the DNS records of the domains to be protected towards the WAF, rather than towards the servers hosting the applications. (If you manage your DNS through UKFast we may be able to do this for you.)

The WAF will initially be set to operate in a learning mode, which will last 2-4 weeks. During this learning phase, the WAF will be monitoring traffic but not blocking anything. The purpose of the learning phase is to identify the detailed traffic patterns to your applications, and to systematically understand which traffic should be allowed. UKFast WAF analysts will work with you during this learning phase to allow legitimate traffic based on our common understanding of your applications and requirements.

Warning

It’s vital to understand that when set to learning mode, the WAF is not blocking any traffic.

Implementation phase¶

Only once the learning phase is completed and we’ve agreed between us the specific ruleset for your application, will the WAF be fully switched-on. At this point, any traffic not specifically allowed will be deemed as malicious and denied. This will be recorded and available for ongoing analysis.

Next Article > Managing a Web Application Firewall in-life (hardware-based)

  • Useful Links
  • SMB
  • Enterprise
  • Channel
  • Public Sector
  • ANS Data Centres
  • About ANS
  • Careers
  • Blog
  • Get in touch
  •  
  • Sales 0800 458 4545
  • Support 0800 230 0032
  • Get in touch

© ANS Group Limited | Terms and Conditions | Corporate Guidance | Sitemap
ANS Group Limited, registered in England and Wales, company registration number 03176761, registered office 1 Archway, Birley Fields, Manchester M15 5QJ