Skip to content

WAF

QuantCDN WAF is an optional extra that needs to be enabled for your account. To begin you will need to contact support and request WAF enablement for your organisation.

A WAF’s aim is to protect dynamic systems from potentially harmful traffic patterns.

Enabling WAF for your application

Once your account has WAF enabled you can utilise the rules page to add WAF and configure WAF to a proxy rule.

To add a rule:

  1. Navigate to rules
  2. Create or edit a proxy rule
  3. Scroll down to WAF settings and check the Enable WAF

Quant Proxy Rule configuration

Configuration settings

Settings

General settings for the WAF.

SettingDefaultDescription
WAF ModeBlockThe opeating mode of the WAF
WAF Level1How strict the WAF will be when analyising traffic

Rules and IP overrides

SettingDefaultDescription
Always skip WAF ruleRemove specific rules from your WAF configuration and is used to tune the WAF for your application
Always allow from IPsAn IP allowlist that will be excluded from WAF analysis
Never allow from IPsA IP blocklist that will always be rejected by the WAF
Never allow from user agentUser agent blocklist
Never allow from refererHTTP referer blocklist

Block dictionaries

A dictionary of well-known bad actors that can be optionally enabled.

SettingDefaultDescription
Block bad botsEnable the bot blocklist
Block bad referersEnable the referer blocklist
Block bad IPsEnable the IP blocklist

HTTP:BL

Enable Project Honeypot integration for the WAF

SettingDefaultDescription
Enable Http:BL Enable project honeypot
Block suspicious IPsBlock IPs that project honeypot determines as suspicious
Block harvester IPsBlock any request that is determined to come from a data harvester
Block spam IPsBlock spam IPs
Block search enginesBlock requests that are marked as coming from search engines

IP rate limiting

To better protect your application, the WAF can be configured to provide rate limits to request IPs. The rate limiting protects against burst IP traffic, the request rate needs to be sustained over a short period to trigger.

SettingDefaultDescription
ModeDisbaledIf the rate limit is applied
RPS threshold10The number of requests that are required to trigger the rate limit
Cooldown period30Number of seconds a client’s IP address will be restricted

When the rate limit is reached the WAF will respond with a 429 status code.

Request header rate limiting

SettingDefaultDescription
ModeDisabledIf the header rate limiting is enabled
Header nameThe name of the header used to group requests and apply the
RPS Threshold5The number of requests per second a client needs to make in the window
Cooldown period30Number of seconds a blocked client will be restricted for

Notification settings

QuantWAF can trigger notifications to a nominated Slack channel when a block or rate limit rule is triggered.

SettingDefaultDescription
Slack webhookYour applications webhook from Slack
Slack RPM thresholdControl the frequency of notifications to the webhook

Please see the Slack documentation for creating a webhook.