Cloudflare Web Application Firewall Review

DISCLAIMER : There are no affiliate links in this post, i.e, I won’t be getting any commission by suggesting Cloudflare to you. This review is based solely on my experience with Cloudflare’s Pro membership plan.

Cloudflare Web Application Firewall

 

Cloudflare is the first company that comes to mind when someone thinks of a CDN (content delivery network). What people often don’t know is that they provide other much important services too.

Cloudflare has a large network of distributed domain name servers which they use for CDN and as a reverse proxy between the user’s browser and your server; and for many other things too. Anyways, I’m not here to give a detail of all the services provided by Cloudflare.


I’m here to tell you about Cloudflare’s Firewall protection. They calls it the “Cloudflare Web Application Firewall” or WAF. The Cloudflare Web Application Firewall is able to filter the content of specific web applications. Regular firewalls just serve as a safety gate between servers. By inspecting HTTP traffic, a WAF can prevent attacks caused from web application security glitches such as cross-site scripting (XSS) attacks, SQL injection and multiple security misconfigurations.

List of features 

  • Protects from DDoS attacks

A DDoS attack is when multiple sources try to flood your server by requesting multiple files from your server. This leads to your server’s Denial Of Service or DoS. Cloudflare protects your website from DDoS attacks as instead of your server, it is Cloudflare that takes on the load of the server spikes.

  • Filters, monitors and blocks traffic

The Cloudflare WAF is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic – detecting and blocking anything malicious. Cloudflare successfully blocks this malicious traffic using it’s OWASP ModSecurity parameters. The Open Web Application Security Project (OWASP) is presently the industry standard for this.

  • Also protects from

    • Parameter Tampering
    • Hidden Field Manipulation
    • Forceful Browsing
    • Stealth Commanding
    • Cookie Poisoning
    • Known Vulnerabilities
    • Buffer Overflow
    • Backdoor or Debug options
    • Third party misconfigurations

Why invest in Cloudflare Web Application Firewall?Cloudflare Web Application Firewall

The Cloudflare Pro plan is the cheapest plan that comes with the WAF and includes 20 Page Rules which according to me is more than enough

Leaving your website/web-app vulnerable to unscrupulous hackers is not the right thing to do. A simple google search on protecting your web-app/website will provide you with multiple texts that’ll teach you how to setup firewalls. They’ll even teach you the implementation of OWASP standards and many other such things.

Now, just answer these questions and if even one of the answer is YES, the Cloudflare Web Application Firewall is meant for you.

  1. Will you ever be spending any money on CDN? If yes, then any paid CDN costs about the same as the Cloudflare Pro Plan.
  2. Do you lack the technical know hows of Network Protection. I’m a professional Web Developer and even I’m not comfortable with network security.
  3. Would your server or reverse proxy give up while protecting you from a 300gbps DDoS attack on your website? NOTE : 300 GB per second attacks!!
  4. Do you value your customers’ and your website’s data enough?

Pricing

There are three different Cloudflare Plans that provide you the Cloudflare Web Application Firewall protection. Out of these 3, I personally believe that the Pro plan which has 20 Page Rules is more than enough protection for more than 90% of the websites out there. Unless you have highly sensitive information on your servers, you don’t have to go overboard on your budget. The PRO plan will satisfy all your needs and will completely protect you from all external threats.

For Online Merchants : If you have an online store, installing a SSL certificate doesn’t cut it. You also have to follow the PCI compliance by conducting an application vulnerability security review on your web-app. By choosing Cloudflare, you get that PCI compliance too. Yes, it’s that simple and you save a lot of money!

Is it worth it? 

Of course it is. Instead of spending a hefty amount of money on a Network Security analyst to set up firewalls on your server to protect you, it is much more feasible to pay a small sum and get protection from industry leaders. Their credibility is fact enough for you to go for the Cloudflare WAF (included in the pro plan). Moreover, you’ll also receive faster CDN and advanced DDoS attack protection from them.

Leave a Reply

CommentLuv badge