Website Firewall Protection

No matter what kind of website you run, whether it’s dynamic or static, an e-commerce site or a blog, you need a website firewall. This article will explain why.

What Is a Website Firewall?

Let’s start with the basics. What is a website firewall? The very simple explanation is that it’s a secure barrier between your site and the internet. It screens both incoming and outgoing HTTP traffic and aims to block anything it identifies as insecure.

If you’re familiar with the concept of proxy servers, then a website firewall (or web application firewall, WAF) is the same idea but for a server. Just as proxy servers act as intermediaries between client computers and servers which could be malicious, so website firewalls act as intermediaries between servers and clients which could be malicious.


What sort of protection does a website firewall offer?

A website firewall is not an all-in-one website-security solution. It does, however, protect against many threats to web applications (layer 7 in the OSI 7-layer model). These include common areas of vulnerability such as SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). As is generally the case with website security tools, a website firewall is best used with a suite of other security tools to provide all-round protection across all network layers.

How Does a Website Firewall Actually Work?

Essentially, a website firewall is a rules-based defense. You tell it what you want to block (and/or what you want to let through) and it will take care of the rest. Website firewalls aimed at the SMB market will generally come pre-configured but with the option to customize the configuration if it becomes necessary.

For example, if your website came under a distributed denial of service (DDoS) attack and you identified a common factor in the attack vector, say IPs from a specific country where you have few (or no) customers, then you might choose to block that country temporarily (or permanently).

The best website firewalls will make it possible for SMBs to change their policies easily and quickly so that they can respond to changing attack vectors.

Blacklists versus whitelists

In the blacklisting policy model, the website firewall screens HTTP traffic against designated criteria to see whether it can reasonably be considered safe. If it can, it goes through; if it can’t, it is blocked. In the whitelisting policy model, only traffic that is explicitly designated as safe is allowed through.

Both approaches have their advantages and disadvantages and the good news is that these days, you don’t have to choose one or the other. Modern website firewalls will let you do both. This allows you to keep the wide-ranging protection of blacklisting while allowing for faster data transfer between your website and websites you know to be safe. In other words, it gives you the best of both worlds.
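
The sketch below is an added example, not code from any firewall product. It runs the same constructed traffic through the blacklist, whitelist and combined models described above. The rule names, the two crude signatures, the "ZZ" country code and the documentation-range IP addresses are all assumptions made for illustration.

```python
import ipaddress
import re
from collections import namedtuple

# country is assumed resolved upstream by a GeoIP lookup; query is already URL-decoded.
Request = namedtuple("Request", "src_ip country query")

# Constructed policy. Networks are RFC 5737 documentation ranges; "ZZ" is a placeholder.
TRUSTED_NETS = [ipaddress.ip_network("192.0.2.0/24")]  # whitelist entry
BLOCKED_COUNTRIES = {"ZZ"}                             # temporary geo block
SIGNATURES = {                                         # deliberately crude blacklist rules
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b"),
    "xss": re.compile(r"(?i)<\s*script\b"),
}

def is_trusted(req):
    ip = ipaddress.ip_address(req.src_ip)
    return any(ip in net for net in TRUSTED_NETS)

def blacklist_hit(req):
    """Return the name of the first blacklist rule that matches, else None."""
    if req.country in BLOCKED_COUNTRIES:
        return "geo"
    for name, pattern in SIGNATURES.items():
        if pattern.search(req.query):
            return name
    return None

def decide(req, model):
    """model is 'blacklist' (default allow), 'whitelist' (default deny) or 'combined'."""
    if model == "whitelist":
        return ("allow", "trusted") if is_trusted(req) else ("block", "not-whitelisted")
    if model == "combined" and is_trusted(req):
        # Trusted sources skip screening: faster, but a compromised partner passes too.
        return ("allow", "trusted")
    hit = blacklist_hit(req)
    return ("block", hit) if hit else ("allow", "no-match")

# Constructed sample traffic.
SAMPLES = [
    Request("198.51.100.7", "US", "item=42"),
    Request("198.51.100.8", "US", "id=1 union select name from users"),
    Request("203.0.113.5", "ZZ", ""),
    Request("192.0.2.10", "US", "q=<script>"),
]

if __name__ == "__main__":
    for req in SAMPLES:
        print(req.src_ip, {m: decide(req, m) for m in ("blacklist", "whitelist", "combined")})
```

The last sample shows the trade-off of the combined model: a request from a whitelisted network is allowed without screening even though its query would have matched a blacklist rule.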

Different Types of Website Firewalls

Website firewalls fall into three main categories.

A host-based website firewall is installed on the same server as the website application it protects. This allows for very tight integration and a high level of customizability. It does, however, drain a server’s resources. This means that companies effectively have to choose between the expense of a more powerful server or risking slower page-load times which can see (potential) customers leave and lead to a drop in their search rankings.

A network-based website firewall is usually implemented as a piece of hardware. This lifts the load on the servers and minimizes latency. It is, however, the most expensive option. Furthermore, you have the burden of dealing with physical equipment, plus you absolutely must have a Plan B in case of hardware failure. The alternative is being totally exposed, with potentially catastrophic consequences.

A cloud-based website firewall is usually the best option for SMBs (and often for enterprises too). Implementing a cloud-based website firewall is generally as simple as signing up for the service.

Once your account has been activated, you’ll have the standard level of protection, which will be very high, assuming you’ve chosen a reputable provider. You can, however, generally customize this further to suit your needs (and wants). As with all cloud-based services, the load will be on the back-end servers rather than on your local hardware.

Website Firewalls And Website Vulnerability Scanners

You can buy a website firewall on its own but it can be more practical, and more economical, to invest in an all-in-one website vulnerability scanner. Different companies will have their own variations on the theme, but any decent website vulnerability scanner will include a website firewall and an anti-malware product.


© 2024 Comodo Security Solutions, Inc