Cloudflare Web Application Firewall Review

Hi, I hope most of you are familiar with Cloudflare. In short, Cloudflare protects and accelerates any website online; see the Cloudflare Overview for more details about their features. I've been a fan of Cloudflare right from the start. Cloudflare has free, Pro and Business accounts. For over a year I was using Cloudflare as a free member and enjoying all the benefits it offers free of cost. One of my personal favourites is that it is a reverse proxy, so from a security point of view you can't tell the IP address of the server my website is hosted on.

Some time back I participated in the Cloudflare Bug Bounty. I found an XSS vulnerability in Cloudflare's core infrastructure which was affecting all Cloudflare-based websites (here is the writeup), and they awarded me a Cloudflare Pro account for life. Cloudflare Pro, apart from other cool features, also offers a Web Application Firewall. I've been using it for about 6 months now, so I decided to write this Cloudflare Web Application Firewall Review and let everyone know about its features.

Cloudflare Web Application Firewall Interface

Cloudflare WAF has an easy-to-use online interface, which users can access from their Cloudflare account. Users have complete control over how the WAF works, which is explained later in this post. Among other things, users can:

  • Turn the firewall on or off with a single click.
  • Change the rulesets.
  • Decide the action for a particular rule: block, challenge, or just log the activity when the rule is triggered.
  • View IP addresses, user activity, and the rules they triggered.
  • See how many times a specific rule was triggered and who triggered it.

Cloudflare Web Application Firewall Rulesets

The Cloudflare Web Application Firewall is based on two main rule sets, each of which is divided into several smaller rulesets. Users can select which rulesets to enable or disable, and the action the firewall should take when a particular ruleset is triggered. The two main rule sets are as follows:

 

OWASP ModSecurity Core Rule Set

The OWASP ModSecurity Core Rule Set is an open-source rule set developed by ModSecurity and OWASP. The OWASP ModSecurity CRS provides protection against the following attack/threat categories:

  • HTTP protocol violations
  • IP reputation: checks for blacklisted IPs from third-party lists
  • HTTP DoS protection
  • Common web attack protection
  • Bot/crawler detection
  • Scanning for malicious file uploads
  • Tracking sensitive data, such as credit card leaks
  • Detecting trojan horses
  • Application defect and misconfiguration detection
  • Error detection

[Screenshot: Cloudflare Web Application Firewall ModSecurity core ruleset]

Cloudflare’s own ruleset

The Cloudflare ruleset is developed in-house by Cloudflare. It contains several smaller rulesets for particular applications, listed below.

  • CloudFlare Atlassian: This ruleset provides specific protections against vulnerabilities within Atlassian applications and services.
  • CloudFlare Plone: This ruleset should only be enabled if the Plone CMS is used for this domain. It contains additional rules that complement the technology-specific protections provided by similar rules in the OWASP ruleset.
  • CloudFlare Miscellaneous: This ruleset contains rules to deal with known malicious traffic or to patch flaws in specific web applications.
  • CloudFlare Php: This ruleset should only be enabled if PHP is used for this domain. It contains additional rules that complement the technology-specific protections provided by similar rules in the OWASP ruleset.
  • CloudFlare Whmcs: This ruleset should only be enabled if WHMCS is used for this domain. It contains additional rules that complement the technology-specific protections provided by similar rules in the OWASP ruleset.
  • CloudFlare WordPress: This ruleset should only be enabled if the WordPress CMS is used for this domain. It contains additional rules that complement the technology-specific protections provided by similar rules.
  • CloudFlare Joomla: This ruleset should only be enabled if the Joomla CMS is used for this domain. It contains additional rules that complement the technology-specific protections provided by similar rules in the OWASP ruleset.
  • CloudFlare Drupal: This ruleset should only be enabled if the Drupal CMS is used for this domain. It contains additional rules that complement the technology-specific protections provided by similar rules in the OWASP ruleset.
  • CloudFlare Flash: This ruleset should only be enabled if Adobe Flash content is used for this domain. It contains additional rules that complement the technology-specific protections provided by similar rules.
  • CloudFlare Specials: This ruleset contains a number of rules that have been created to deal with specific attack types.

Cloudflare WAF events

The Cloudflare WAF generates an event each time a rule is triggered. Users can view those events, the ruleset they belong to, why they were triggered, and the full POST or GET request. This is particularly interesting for people in information security because you can see which attacks are common nowadays, which services are being attacked and what payloads are being used. I personally saw some interesting attacks, for example this one:

[Screenshot: an example WAF event]

This is an SQL injection attack on a specific application. If you are lucky you can even catch zero-day vulnerabilities being exploited. The screenshot below shows the overall look of the WAF events view; the features are self-explanatory in the screenshot.

[Screenshot: the WAF events overview]
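To make the point about events concrete, here is an added example (my own, not Cloudflare's code or the author's) that triages a batch of WAF events the way the interface lets you: it counts hits per rule, lists which IPs triggered each rule, decodes the request so the payload is readable, pulls out events that a log-only rule saw but did not block, and flags IPs that tripped several distinct rules. The event records, their field names and the CF-* rule ids are constructed for this example and do not follow Cloudflare's real export format; 942100 and 913100 are OWASP CRS rule numbers.

```python
import json
from collections import Counter, defaultdict
from urllib.parse import unquote

# Constructed sample events, one JSON record per line. The field names are my
# own for this example, not Cloudflare's export schema. 942100 and 913100 are
# OWASP CRS rule numbers (SQLi via libinjection, scanner User-Agent); the
# CF-* ids are made up.
SAMPLE_EVENTS = """\
{"ts": "2019-03-01T10:00:01Z", "client_ip": "198.51.100.7", "method": "GET", "uri": "/index.php?id=1%27%20OR%201%3D1--", "ruleset": "OWASP CRS", "rule_id": "942100", "action": "block"}
{"ts": "2019-03-01T10:00:05Z", "client_ip": "198.51.100.7", "method": "GET", "uri": "/wp-login.php", "ruleset": "Cloudflare WordPress", "rule_id": "CF-WP-0001", "action": "challenge"}
{"ts": "2019-03-01T10:01:12Z", "client_ip": "203.0.113.9", "method": "POST", "uri": "/wp-login.php", "ruleset": "Cloudflare WordPress", "rule_id": "CF-WP-0001", "action": "challenge"}
{"ts": "2019-03-01T10:01:30Z", "client_ip": "203.0.113.9", "method": "GET", "uri": "/index.php?id=1%27%20OR%201%3D1--", "ruleset": "OWASP CRS", "rule_id": "942100", "action": "block"}
{"ts": "2019-03-01T10:02:00Z", "client_ip": "192.0.2.44", "method": "POST", "uri": "/xmlrpc.php", "ruleset": "Cloudflare Specials", "rule_id": "CF-SPEC-0042", "action": "log"}
{"ts": "2019-03-01T10:02:41Z", "client_ip": "203.0.113.9", "method": "GET", "uri": "/phpmyadmin/", "ruleset": "OWASP CRS", "rule_id": "913100", "action": "block"}
"""


def parse_events(text):
    """Parse newline-delimited JSON into dicts, skipping blank or malformed lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            continue  # one corrupt line must not abort the whole batch
    return events


def decode_request(event):
    """Return 'METHOD /decoded/uri' so the payload reads as the client sent it."""
    return f"{event['method']} {unquote(event['uri'])}"


def rule_hit_counts(events):
    """How many times each rule fired (the interface's per-rule counter)."""
    return Counter(e["rule_id"] for e in events)


def triggering_ips(events):
    """Which client IPs triggered each rule."""
    by_rule = defaultdict(set)
    for e in events:
        by_rule[e["rule_id"]].add(e["client_ip"])
    return dict(by_rule)


def source_counts(events):
    """Events per client IP, noisiest first via most_common()."""
    return Counter(e["client_ip"] for e in events)


def log_only_hits(events):
    """Events a rule matched but only logged: candidates for tightening to challenge or block."""
    return [e for e in events if e["action"] == "log"]


def repeat_offenders(events, min_rules=2):
    """IPs that tripped at least min_rules distinct rules, i.e. probing rather than one-off noise."""
    rules_by_ip = defaultdict(set)
    for e in events:
        rules_by_ip[e["client_ip"]].add(e["rule_id"])
    return sorted(ip for ip, rules in rules_by_ip.items() if len(rules) >= min_rules)


if __name__ == "__main__":
    evs = parse_events(SAMPLE_EVENTS)
    print("hits per rule:", dict(rule_hit_counts(evs)))
    print("ips per rule:", {r: sorted(ips) for r, ips in triggering_ips(evs).items()})
    print("top sources:", source_counts(evs).most_common(3))
    print("log-only events:", [decode_request(e) for e in log_only_hits(evs)])
    print("repeat offenders:", repeat_offenders(evs))
    print("first event decoded:", decode_request(evs[0]))
```

The `log_only_hits` list is the one worth reviewing regularly: a ruleset left on "log" while you tune it still produces the same event trail, so you can check what it would have blocked before switching it to "challenge" or "block".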


Conclusion

The Cloudflare Web Application Firewall is simply great: it offers an easy interface and a lot of features. The most important thing is the level of customization and detail it offers. I personally recommend it over open-source WAF solutions. The easy-to-use interface and the description of every rule make it easy for non-security people to adapt the settings to their needs. You may ask about negatives; I really tried to find some, but I don't seem to find any. If you have any negatives, feel free to post them in the comments and I will include them in this article. Thanks for reading the Cloudflare Web Application Firewall Review.

source: https://haiderm.com/cloudflare-web-application-firewall-review/
