WAF Implementation
Contents
- Centralized Malicious IP address registry
- Application level MySQL Injection protection
- Session Limit and duration
- ModSecurity
Centralized Malicious IP address registry
There is a central registry that keeps track of all IP addresses considered malicious and
blocked by the different WAF mechanisms installed on the different servers.
Whenever an attack is identified, the IP address is blocked on the local firewall of the server
where the attack occurred, and it is also added to a central database, from which it is
distributed to every other server where the feature is enabled.
Application level MySQL Injection protection
The following MySQL injection protection measures are in place:
● All user input is sanitized and escaped.
● All traffic to the application is monitored and inspected, blocking the remote IP address at the firewall level when the request contains any potentially malicious signature, keyword pattern or character sequence indicative of a SQL injection attempt.
The IP address is also added to the central registry, and blocked on every server where the
feature is enabled.
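The two measures above, together with the registry distribution described in the previous section, can be shown end to end in a small Python model. This is an added illustration, not the platform's own code: the signature list, the CentralRegistry and ServerWaf classes, the sample request lines and the IP addresses are all constructed for the example. Note that the request inspector is only the second layer; the first layer is the parameterized query in lookup_item, which binds user input as data so that a payload that slips past the signatures still cannot change the query.

```python
import re
import sqlite3
from urllib.parse import unquote_plus

# Constructed, deliberately small signature set for the illustration. A real
# deployment relies on a maintained rule set (e.g. the OWASP CRS), not on this list.
SQLI_PATTERNS = [
    re.compile(r"(?i)\bunion\b\s+(all\s+)?\bselect\b"),          # UNION SELECT
    re.compile(r"(?i)'\s*or\s+'?\d+'?\s*=\s*'?\d+"),             # ' OR '1'='1
    re.compile(r"(?i)\b(sleep|benchmark)\s*\("),                 # time-based probes
]


def is_sqli(value: str) -> bool:
    """Decode the request text first so that %27 / + encodings cannot hide a pattern."""
    decoded = unquote_plus(value)
    return any(p.search(decoded) for p in SQLI_PATTERNS)


def lookup_item(item_id):
    """Application-level half of the protection: a parameterized query.
    The driver binds item_id as a value, never as SQL text. Uses an in-memory
    SQLite table constructed for the example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(42, "widget"), (43, "gadget")])
    rows = conn.execute("SELECT name FROM items WHERE id = ?", (item_id,)).fetchall()
    conn.close()
    return [r[0] for r in rows]


class CentralRegistry:
    """Hypothetical stand-in for the central database of blocked IP addresses."""

    def __init__(self):
        self.entries = {}  # ip -> (reason, first_seen)

    def add(self, ip, reason, now):
        self.entries.setdefault(ip, (reason, now))

    def since(self, ts):
        """Entries added at or after ts, so a server can pull only what it has not seen."""
        return {ip for ip, (_, seen) in self.entries.items() if seen >= ts}


class ServerWaf:
    """Per-server inspector: blocks locally, reports centrally, pulls from the registry."""

    def __init__(self, name, registry):
        self.name = name
        self.registry = registry
        self.local_blocklist = set()  # stand-in for the host firewall's deny set
        self.last_sync = 0.0

    def inspect(self, ip, request_line, now):
        if ip in self.local_blocklist:
            return "already-blocked"
        if is_sqli(request_line):
            self.local_blocklist.add(ip)             # local firewall
            self.registry.add(ip, "sqli", now)       # central registry
            return "blocked"
        return "allowed"

    def sync(self, now):
        """Pull registry entries added since the last sync into the local blocklist."""
        new = self.registry.since(self.last_sync) - self.local_blocklist
        self.local_blocklist |= new
        self.last_sync = now
        return new


# Constructed sample traffic (documentation IP ranges, not real clients).
SAMPLE_REQUESTS = [
    ("203.0.113.10", "GET /item?id=42"),
    ("203.0.113.10", "GET /item?id=42%27%20OR%20%271%27%3D%271"),
    ("198.51.100.7", "GET /search?q=union+select+user%2Cpass+from+accounts"),
    ("192.0.2.5", "GET /login?user=alice"),
    ("203.0.113.10", "GET /item?id=43"),
]


def run_demo(requests=SAMPLE_REQUESTS):
    """web1 sees the traffic; web2 sees none of it but learns the blocks via the registry."""
    registry = CentralRegistry()
    web1 = ServerWaf("web1", registry)
    web2 = ServerWaf("web2", registry)
    verdicts = [web1.inspect(ip, line, now=float(i)) for i, (ip, line) in enumerate(requests, 1)]
    propagated = web2.sync(now=10.0)
    return verdicts, propagated, sorted(web2.local_blocklist)


if __name__ == "__main__":
    print(run_demo())
    print(lookup_item(42), lookup_item("42' OR '1'='1"))
```

Running the demo shows web1 blocking two source addresses on its own firewall and web2, which never saw a malicious request, picking up both blocks from the registry on its next sync; the parameterized lookup returns an empty result for the injected string because the whole string is compared as one value.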
Session Limit and duration
The ud121 platform implements two types of session limits:
1 - Max total number of sessions.
2 - Max number of sessions per IP address.
Both can be configured independently.
The duration (timeout) of each individual session must also be configured.
If the total number of allowed sessions (1) is reached, no new sessions will be allowed until
some sessions are terminated by reaching the configured timeout limit.
Likewise, if the number of sessions originating from a certain IP address exceeds the
configured (2) limit, no more sessions will be allowed from that IP, even if there are still
sessions available globally.
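The interaction between the two limits and the timeout is easier to see in code. The following is an added Python model, not the ud121 platform's implementation: the SessionLimiter class, its method names and the constructed request sequence are assumptions made for the illustration, and the timeout is modelled as an idle timeout refreshed by activity (the page does not say whether the platform measures it from creation or from last activity).

```python
class SessionLimiter:
    """Enforces (1) a global session cap, (2) a per-IP cap, and a per-session timeout.
    Constructed for this example; the limits are configured independently."""

    def __init__(self, max_total, max_per_ip, timeout_seconds):
        self.max_total = max_total
        self.max_per_ip = max_per_ip
        self.timeout = timeout_seconds
        self.sessions = {}  # session_id -> (ip, last_seen)
        self._next_id = 0

    def _expire(self, now):
        """Terminate sessions whose idle time reached the configured timeout."""
        expired = [sid for sid, (_, seen) in self.sessions.items() if now - seen >= self.timeout]
        for sid in expired:
            del self.sessions[sid]
        return len(expired)

    def _count_for(self, ip):
        return sum(1 for ip_, _ in self.sessions.values() if ip_ == ip)

    def open_session(self, ip, now):
        """Returns (session_id, "ok") or (None, reason). Expiry runs first so that
        slots freed by timed-out sessions become available immediately."""
        self._expire(now)
        if len(self.sessions) >= self.max_total:
            return None, "global-limit"          # limit (1)
        if self._count_for(ip) >= self.max_per_ip:
            return None, "per-ip-limit"          # limit (2), even if global slots remain
        self._next_id += 1
        sid = f"s{self._next_id}"
        self.sessions[sid] = (ip, now)
        return sid, "ok"

    def touch(self, sid, now):
        """Refresh a session's idle timer; returns False if it has already expired."""
        self._expire(now)
        if sid not in self.sessions:
            return False
        ip, _ = self.sessions[sid]
        self.sessions[sid] = (ip, now)
        return True


def run_demo():
    """Constructed sequence: max 4 sessions in total, max 2 per IP, 300 s timeout."""
    lim = SessionLimiter(max_total=4, max_per_ip=2, timeout_seconds=300)
    log = []
    log.append(lim.open_session("A", 0)[1])    # ok
    log.append(lim.open_session("A", 0)[1])    # ok
    log.append(lim.open_session("A", 1)[1])    # per-ip-limit: A already holds 2
    log.append(lim.open_session("B", 2)[1])    # ok
    log.append(lim.open_session("B", 2)[1])    # ok, 4 sessions now open
    log.append(lim.open_session("C", 3)[1])    # global-limit: no free slot
    # At t=301 A's sessions (last seen t=0) have timed out; B's (t=2) are still live.
    log.append(lim.open_session("C", 301)[1])  # ok
    return log


if __name__ == "__main__":
    print(run_demo())
```

The third and sixth requests are the two distinct refusals the text describes: the first is refused by the per-IP limit while global capacity still exists, the second by the global limit; the last request succeeds only because the timeout has terminated two sessions.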
ModSecurity
The ModSecurity WAF is installed and enabled by including its module in the Apache configuration.
The implementation includes the OWASP Core Rule Set, which helps detect and mitigate
attacks such as SQL Injection, Cross-Site Scripting and Local File Inclusion.