The Quant Web Application Firewall (WAF) was added to our all-in-one web platform recently, and we just updated it to include IP and request header rate limiting for even better web security. Let’s take a quick look at the new rate limiting features in your dashboard. You can also check out our recent changelogs for more details on feature updates.
What is a Web Application Firewall (WAF)?
A Web Application Firewall (WAF) protects web applications by filtering and blocking suspicious traffic and cyberattacks including SQL injection, cross-site scripting (XSS) and DDoS attacks. Not only does a WAF defend against cyberthreats, it can ensure better website availability and help you comply with data protection standards. The Quant WAF is a vital web security solution to protect your websites and applications.
What is rate limiting?
Rate limiting restricts the number of requests that a network, server, or other computer system accepts within a given time frame, to prevent overload and ensure fair usage. It mitigates DDoS attacks and brute force attacks, and it prevents excessive bandwidth and resource usage for better cost control. Throughout the web infrastructure stack, rate limiting is used in many important software systems including WAFs, web servers, and Content Delivery Networks (CDNs) like QuantCDN. In the Quant Dashboard, you can now easily add rate limiting based on IP addresses and request headers.
How to use the WAF rate limiting features
The new WAF rate limiting features are very simple to configure:
Note: It’s highly recommended to start in “Report” mode when configuring your WAF settings. After collecting data for a few days or weeks, review your logs and tune your settings if necessary. Once the settings are as expected, switch to “Block” mode.
IP rate limiting configuration
- Create a proxy
- Enable the WAF for that proxy
- Toggle the “IP rate limiting” settings
- Set the mode, requests-per-second (RPS) threshold, and cooldown period to match your requirements
- Click the “Save” button
Request header rate limiting configuration
- Create a proxy
- Enable the WAF for that proxy
- Toggle the “Request header rate limiting” settings
- Set the mode, header name, requests-per-second (RPS) threshold, and cooldown period to match your requirements
- Click the “Save” button
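The Report-then-Block tuning recommended in the note above, and the difference between keying on IP address and keying on a request header, can be rehearsed offline against sample traffic. The following is an added example, not Quant's code: the limiter semantics (a 1-second sliding window, with the cooldown applied to the offending key), the `X-Api-Key` header name, and the traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

def simulate(requests, key_fn, rps_threshold, cooldown_s, mode="report"):
    """Replay (timestamp_s, ip, headers) tuples through a per-key rate limiter.

    Assumed semantics, not Quant's documented behaviour: a key sending more
    than rps_threshold requests inside a 1-second window is penalised for
    cooldown_s seconds; "report" only flags penalised requests, "block"
    rejects them.
    """
    if mode not in ("report", "block"):
        raise ValueError("mode must be 'report' or 'block'")
    outcome = "reported" if mode == "report" else "blocked"
    windows = defaultdict(deque)   # key -> timestamps seen in the last second
    penalised_until = {}           # key -> time at which the cooldown ends
    stats = defaultdict(lambda: {"allowed": 0, "reported": 0, "blocked": 0})
    for ts, ip, headers in sorted(requests, key=lambda r: r[0]):
        key = key_fn(ip, headers)
        if key is None:            # header not present: nothing to limit on
            continue
        win = windows[key]
        win.append(ts)
        while ts - win[0] >= 1.0:  # drop timestamps older than one second
            win.popleft()
        if len(win) > rps_threshold:
            penalised_until[key] = ts + cooldown_s
        hit = penalised_until.get(key, float("-inf")) > ts
        stats[key][outcome if hit else "allowed"] += 1
    return {k: dict(v) for k, v in stats.items()}

def by_ip(ip, headers):
    return ip

def by_header(name):
    return lambda ip, headers: headers.get(name)

# Constructed traffic: one bursting client, then two IPs sharing one API key.
SAMPLE = (
    [(i / 20, "203.0.113.10", {"X-Api-Key": "k-batch"}) for i in range(20)]
    + [(5.0, "203.0.113.10", {"X-Api-Key": "k-batch"}),
       (30.0, "203.0.113.10", {"X-Api-Key": "k-batch"})]
    + [(40.0 + i * 0.3, "198.51.100.7", {"X-Api-Key": "k-shared"}) for i in range(3)]
    + [(40.1 + i * 0.3, "198.51.100.8", {"X-Api-Key": "k-shared"}) for i in range(3)]
)

if __name__ == "__main__":
    for label, fn in (("ip", by_ip), ("header", by_header("X-Api-Key"))):
        for key, s in simulate(SAMPLE, fn, rps_threshold=5, cooldown_s=10).items():
            print(label, key, s)
```

With a threshold of 5 RPS, per-IP limiting flags only the bursting client, while per-header limiting also flags the shared key whose two source IPs each stay under the threshold.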
Feedback welcome!
If you have any questions or have suggestions for making the WAF rate limiting feature more useful, contact us and let’s talk!
About QuantCDN
Quant is a global static edge; a CDN combined with static web hosting. We provide solutions to help make WordPress and Drupal sites static, as well as support for all popular static site generators.