eCDN Web Application Firewall
Embedded Content Delivery Network (eCDN) Web Application Firewall (WAF) helps protect your storefront using extra layer 7 protection.
- WAF Protection
  Enabled by default when creating proxy zones, WAF is a layered approach to security and an important component of a multitiered approach to bad actor mitigation.
- OWASP WAFv2 Managed Ruleset
  When responding to a potential web application threat, eCDN WAF looks at each incoming request, assigns the request a threat score, and responds appropriately. Each incoming request that triggers an OWASP rule increases the overall threat score. Some rules impact the score more than others.
- eCDN WAFv2 Managed Ruleset
  Created by the eCDN security team, this ruleset provides fast and effective protection for all of your applications. The ruleset is updated frequently to cover new vulnerabilities and reduce false positives.
- eCDN WAFv2 Exposed Credentials Check
  Deploy an automated credential check on your end-user authentication endpoints. For any credential pair, the eCDN WAF performs a lookup against a public database of stolen credentials. Created by the CDN security team, this ruleset provides fast and effective protection for all of your applications. The ruleset is updated frequently to cover new vulnerabilities and reduce false positives.
- Using WAF for the First Time
  When using WAF for the first time, we recommend that you run WAF in Log or Simulate mode for at least one week.
- Modify eCDN OWASP WAFv2 Settings
  When responding to a potential web application threat, eCDN WAF looks at each incoming request, assigns the request a threat score, and responds appropriately. Each incoming request that triggers an OWASP rule increases the overall threat score. Some rules impact the score more than others.
- Modify eCDN Managed Ruleset Settings
  Created by the eCDN security team, this ruleset provides fast and effective protection for all of your applications. The ruleset is updated frequently to cover new vulnerabilities and reduce false positives. The default setting for the rule set is enabled.
- Modify eCDN Exposed Credentials Check Settings
  Deploy an automated credential check on your end-user authentication endpoints. For any credential pair, the eCDN WAF performs a lookup against a public database of stolen credentials. Created by the CDN security team, this ruleset provides fast and effective protection for all of your applications. The ruleset is updated frequently to cover new vulnerabilities and reduce false positives.
- WAF and Network Traffic Logs
  The logs contain all eCDN network traffic, not just the traffic that WAF identifies. You can track IP-reputation blocked traffic and analyze how much of your traffic doesn’t trigger WAF settings.
- Modify eCDN WAF Settings
  The eCDN Web Application Firewall (WAF) protects your storefront by analyzing and interpreting your HTTP/s traffic. WAF stops application level attacks that attempt to exploit code-level vulnerabilities. Configure the security sensitivity level, and decide what action WAF takes when a suspicious web request attempts to access your storefront.
- eCDN-WAF Log OCAPI References
  You can request eCDN-WAF log files from Open Commerce API (OCAPI). Each realm supports up to 24 pending log request downloads. A minimum period of five minutes is now enforced for retrieving WAF logs.

