We are always striving to give our clients the best experience with their website. With the ever-evolving world of website technology, website security is more important now than ever. We are adding the option of a Website Application Firewall (WAF) for our websites to provide a more secure experience for our clients and their visitors. We partner with GoDaddy to offer Website Security plans powered by Sucuri cloud-based security solutions.
What does the Website Application Firewall offer?
- Website Acceleration, caching and CDN (Content Delivery Network).
- Brute force protection on pages and login.
- Virtual patching and hardening to improve your security posture.
- Full DDoS (Distributed Denial of Service) protection on all plans.
- PCI compliance.
- Blocks malicious bots and vulnerability scanners from reaching your website.
- Protection against SQL Injections, XSS (Cross-Site Scripting), RCE (Remote Code Execution), and all known attacks.
- Advanced Access Control Features like password-protected pages or IP-address-restricted pages.
How does the Website Application Firewall work?
The firewall acts as a security checkpoint before traffic goes to your website and hosting server. The firewall will filter the requests coming to your website and block any bad or malicious requests.
Website Request Workflow
Visitor > WAF > Hosting Server > WAF > Visitor
When a request is blocked by the firewall you will see an HTTP 403 Forbidden response. In the browser you will see a message with the header “Access Denied – GoDaddy Website Firewall”. If you see this block message on your website and you believe the block to be a false positive, please provide us with a screenshot of the “Access Denied” message and we will be more than happy to investigate the issue. The WAF can allow an IP address or a website URL path to avoid filtering if needed.
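A 403 on its own does not prove the firewall made the decision, because the hosting server can also answer 403. The sketch below is an added example, not GoDaddy or Sucuri code: it sorts responses into firewall blocks, server-side 403s and normal pages, assuming the heading quoted above appears in the HTML of the block page; the sample responses are constructed.

```python
import html
import re

# Heading of the block page as quoted on this page, with the dash normalised.
WAF_HEADING = "access denied - godaddy website firewall"


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line = head.split("\r\n", 1)[0]      # e.g. "HTTP/1.1 403 Forbidden"
    return int(status_line.split(" ", 2)[1]), body


def visible_text(body):
    """Reduce HTML to lower-case text so entity, tag and dash variants compare equal."""
    text = re.sub(r"<[^>]+>", " ", body)                 # drop tags
    text = html.unescape(text)                           # &ndash; -> en dash
    text = re.sub(r"[\u2010-\u2015\u2212]", "-", text)   # any dash -> hyphen
    return re.sub(r"\s+", " ", text).strip().casefold()


def classify(raw):
    """Return 'waf-block', 'origin-403' or 'not-blocked' for one response."""
    status, body = parse_response(raw)
    if status != 403:
        return "not-blocked"   # heading merely quoted on a normal page is not a block
    if WAF_HEADING in visible_text(body):
        return "waf-block"     # candidate false positive: send it in for review
    return "origin-403"        # refused by the site or server itself, not the WAF


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "blocked": "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
               "<html><head><title>Access Denied &ndash; GoDaddy Website Firewall"
               "</title></head></html>",
    "server": "HTTP/1.1 403 Forbidden\r\nContent-Type: text/html\r\n\r\n"
              "<h1>Forbidden</h1><p>You don't have permission to access this.</p>",
    "article": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               "<p>Our guide explains the Access Denied - GoDaddy Website Firewall page.</p>",
}
```

Only a `waf-block` result is worth reporting as a possible false positive; an `origin-403` points at the site's own permissions or plugins instead.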
WAF Server Locations:
- North America
  - San Jose, CA, US
  - Chicago, IL, US
  - Dallas, TX, US
  - Miami, FL, US
  - Washington, DC, US
What is a DDoS Attack?
A Distributed Denial of Service (DDoS) attack is a non-intrusive way attackers can attempt to bring down your website. A non-intrusive attack means the attack is not exploiting any vulnerabilities of the website coding or configuration. The primary goal of a DDoS attack is to slow down or completely bring down your website by bombarding the website with more traffic than it can handle so legitimate user traffic is stopped from accessing the website. The WAF will detect and block the DDoS attacks before they reach your website or hosting server.
Does the CDN & Caching speed up my website?
The WAF CDN is built to help speed up your website around the world! The WAF CDN caches your website automatically and is able to speed up your website by up to 70%. The WAF network has CDN servers around the world (5 in North America) that save your website content, so no matter where your website traffic is coming from, your website will load quickly.
- Page Caching Time: 180 minutes.
- Redirects (HTTP 301/302) Caching Time: 180 minutes.
- Not Found (HTTP 404) Caching Time: 4 minutes.
The WAF caching is here to help speed up your website and also helps reduce the requests that go to the hosting server. The fewer requests that go to the hosting server, the lower the resource usage on the hosting server. Static files (jpg, png, js, css, pdf, etc.) will be cached for 3 days; this is done to prevent certain types of DDoS attacks. We will install and activate the WAF companion plugin in your WordPress website, configured to automatically clear the WAF cache when you publish your website pages or posts.
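To make the effect of these cache times concrete, here is an added example (a toy model, not the WAF's actual implementation) that replays a stream of requests and counts how many reach the hosting server. The TTL values are the ones listed above; the sample site, the rule order and the treatment of other status codes are assumptions.

```python
MINUTE = 60
TTL_PAGE = 180 * MINUTE             # pages
TTL_REDIRECT = 180 * MINUTE         # HTTP 301/302
TTL_NOT_FOUND = 4 * MINUTE          # HTTP 404
TTL_STATIC = 3 * 24 * 60 * MINUTE   # static files: 3 days
STATIC_EXT = (".jpg", ".png", ".js", ".css", ".pdf")


def ttl_for(path, status):
    """Cache lifetime in seconds, or None when the response is not cached."""
    # Assumed: status is checked before file type, and statuses this page
    # does not list pass through uncached.
    if status == 404:
        return TTL_NOT_FOUND
    if status in (301, 302):
        return TTL_REDIRECT
    if status == 200:
        return TTL_STATIC if path.lower().endswith(STATIC_EXT) else TTL_PAGE
    return None


def sample_origin(path):
    """Constructed site: a home page and a logo exist, anything else is a 404."""
    return 200 if path in ("/", "/logo.png") else 404


def origin_hits(requests, origin=sample_origin, purge_at=()):
    """Replay (time, path) requests in time order through a toy WAF cache and
    return how many of them reached the hosting server."""
    store, hits, pending = {}, 0, sorted(purge_at)   # store: path -> expiry time
    for now, path in requests:
        while pending and pending[0] <= now:   # publish: plugin clears the cache
            store.clear()
            pending.pop(0)
        if now < store.get(path, 0):
            continue                           # answered from the WAF cache
        hits += 1                              # miss: request reaches the server
        ttl = ttl_for(path, origin(path))
        if ttl is not None:
            store[path] = now + ttl
    return hits
```

In this model, one request per second for the same missing URL over an hour reaches the server 15 times instead of 3,600. A page edit can stay stale for up to 180 minutes unless the cache is cleared on publish, which is the job of the companion plugin.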
WAF Traffic Logging
The WAF offers real-time logging in the firewall dashboard, which allows us to monitor every allowed request on your website. The audit logging allows us to see detailed information on blocked requests on the website and offers a searchable history of requests. This is the tool we will use to see whether we need to apply a Geo Block. Geo Blocking is where we block an IP address based on the registered country for the IP address; this way we can restrict access to only your market country or block known malicious attacks from a specific country.
Does the WAF make my website PCI DSS compliant?
Yes, just having your website behind the WAF makes your website Payment Card Industry Data Security Standard (PCI DSS) compliant. We can even supply an Attestation of Compliance (AOC) document by request. The firewall does allow penetration testing if you need to have it tested with the firewall active or even bypassing the firewall rules.
What does this mean to you, the business owner?
You will benefit from the peace of mind of knowing your website has advanced security and is optimized by the CDN and caching provided by the WAF. The firewall gives us the ability to quickly and effectively stop malicious attacks on your website. The WAF provides detailed and organized logging in case any reviews are needed. With all these factors considered, it means smoother sailing for you and your website visitors.
We can help you with a WordPress website that works the way you expect it to. Reach out to us via our contact page or schedule a call with us below.