The Quant WAF has been part of our all-in-one platform since late last year, but we recently added an update to help you improve your security posture. Let’s take a quick look at the new WAF hit rate limiting feature in your dashboard. You can also check out our recent changelogs for more details on feature updates.
What is a Web Application Firewall (WAF)?
A Web Application Firewall (WAF) is a security solution for monitoring, filtering and blocking malicious traffic and attacks. A WAF plays a vital role in protecting web applications from a variety of threats including DDoS attacks, SQL injection, cross-site scripting (XSS), and other vulnerabilities that can lead to data breaches. Using a WAF benefits your websites by defending against known and emerging threats, helping with data protection standards compliance, and providing better availability for your users. The Quant WAF is a key part of a comprehensive security strategy.
What is rate limiting?
Rate limiting is a way to manage application, server and API requests to ensure fair usage and prevent overload. By restricting the number of requests in a given time frame, rate limiting mitigates brute force attacks, DDoS attacks, and other forms of abuse. For better cost control, it can also help prevent excessive bandwidth and resource usage. Rate limiting is used in technologies that handle different aspects of traffic management and system interaction, such as Content Delivery Networks (CDNs), load balancers, web servers and WAFs. In the Quant Dashboard, you can configure rate limiting based on IP addresses, request headers, and now WAF hit rates.
How to use the WAF hit rate limiting feature
The new WAF hit rate limiting feature is very simple to configure:
- Create a proxy
- Enable the WAF for that proxy
- Toggle the “WAF hit rate limiting” settings
- Update the configuration based on your requirements for mode, WAF hits, minutes threshold, and cooldown period
Tip: We highly recommend starting in “Report” mode when configuring your WAF settings. After collecting data for a few days or weeks, review your logs and tune your settings if necessary. Once the settings behave as expected, switch to “Block” mode.
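One way to act on the tip above, as an added example that is not Quant's code or log format: replay WAF hits collected in “Report” mode against candidate settings to see which clients each setting would limit. The record layout, the function name `simulate`, and the sliding-window and cooldown semantics are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of WAF hits as (timestamp, client IP); not real Quant log output.
SAMPLE_HITS = [
    ("2024-05-01T10:00:05", "203.0.113.7"), ("2024-05-01T10:00:20", "203.0.113.7"),
    ("2024-05-01T10:00:41", "203.0.113.7"), ("2024-05-01T10:01:10", "203.0.113.7"),
    ("2024-05-01T10:01:30", "203.0.113.7"), ("2024-05-01T10:02:00", "203.0.113.7"),
    ("2024-05-01T10:45:00", "203.0.113.7"),
    # A client that trips an occasional rule, e.g. a false positive on a form post.
    ("2024-05-01T10:03:00", "198.51.100.20"), ("2024-05-01T10:20:00", "198.51.100.20"),
    ("2024-05-01T10:40:00", "198.51.100.20"),
]

def simulate(hits, waf_hits, minutes, cooldown_minutes, mode="report"):
    """Replay hits; return (ip, start, end, action) for each time the limit trips.

    Assumed semantics: an IP trips the limit once it has `waf_hits` hits inside a
    sliding window of `minutes`, and stays limited for `cooldown_minutes`.
    """
    window = timedelta(minutes=minutes)
    cooldown = timedelta(minutes=cooldown_minutes)
    recent = defaultdict(deque)  # ip -> hit times still inside the window
    limited_until = {}           # ip -> end of the active cooldown
    actions = []
    for ts_text, ip in sorted(hits):  # ISO timestamps sort chronologically
        ts = datetime.fromisoformat(ts_text)
        if ip in limited_until and ts < limited_until[ip]:
            continue  # inside cooldown: already limited, do not count again
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()  # drop hits that fell out of the window
        if len(q) >= waf_hits:
            limited_until[ip] = ts + cooldown
            action = "would_block" if mode == "report" else "block"
            actions.append((ip, ts, ts + cooldown, action))
            q.clear()
    return actions

if __name__ == "__main__":
    for candidate in [(5, 5, 30), (3, 60, 30)]:
        print("waf_hits=%d minutes=%d cooldown=%d" % candidate)
        for ip, start, end, action in simulate(SAMPLE_HITS, *candidate):
            print("  %s %s from %s until %s" % (action, ip, start.time(), end.time()))
```

With the constructed data, the first candidate limits only the bursty client, while the second also catches the occasional one, which is the kind of difference to look for before switching to “Block” mode.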
If you have any questions or have suggestions for making the WAF hit rate limiting feature more useful, contact us and let’s talk!