Cloudflare WAF: Product Demo

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

the CloudFlare web application firewall or wife is an OSI layer seven intelligent and scalable solution to secure your web applications without changing your existing infrastructure or sacrificing performance the clouds layer web protects against a large number of web attack vectors such as file inclusion cross-site scripting attacks sequel injections and many other vulnerabilities this video will highlight key features of the cloud flare web including how to use the WHA frul sets to protect applications create your own custom firewall rules based on your security needs and visualize and analyze threats with the firewall analytics before enabling the web you need to create an account and add a domain to CloudFlare if you have a CloudFlare account sign in select your domain and navigate to the firewall app then the managed rules tab and tunnel after on the default web configuration is fine-tuned to reduce false positives to a minimum the CloudFlare whaff contains three packages CloudFlare managed to rule set Oh wasp mod security core rule set and custom firewall rules that are created and accessed through the firewall rules tab each package monitors and identifies suspicious activity for HTTP requests and takes action based on your rule configuration you can configure the CloudFlare and o ASP rules here in the manage rules tab the CloudFlare manage rule set contains security rules written and curated by CloudFlare including rule groups for CMS's such as Drupal and WordPress the CloudFlare specials group is a rule group that provides core wave security against common attacks and zero-day vulnerabilities after toggling the rule group to on you can choose to use each rules default action or override it with your preferred action the possible laughs actions include disabled which turns off the rule simulate which allows and logs the request in the web activity log block which blocks the request Challenge which will challenge your site's visitor with a CAPTCHA challenge page if you scroll down you'll see the OWASP mod security core rule set cloud flares implementation of the OWASP rule set each wasp rule that matches a request will increase the threat score for that individual request after the request exceeds a specified threshold the laughs will trigger your chosen action you can configure this rule sets threshold sensitivity high medium low or off and the default action and simulate challenge or block each rule group can be enabled by toggling the switch to on individual rules can also be turned on or off as required CloudFlare enables DDoS protection for each application details on which mitigations are applied automatically can be seen in the cloud flare DDoS protection card now let's create a custom firewall rule CloudFlare firewall rules allow you to construct expressions to match and filter HTTP requests and determine how the web should handle the matching traffic let's create a rule to block traffic with a specific user agent the Pingdom bot from accessing the home page of our site to create your own firewall rule navigate to the firewall rules tab click create a rule assign a name and the Pingdom user agent and add another criteria to match the uri equals to slash when initially deploying the rule you can run a test that will provide an estimate on the number of matches against historic traffic you could also deploy the rule in log mode and monitor the analytics for some time to ensure no false positives once you're confident the rules correct you can deploy it in block or challenge mode now that we've created and tested our firewall rule let's head to the overview tab to review the firewall analytics details about security events are critical for monitoring and maintaining and optimal security configuration for your web application CloudFlare firewall events allow you to better understand your threat landscape to identify mitigate and review attacks more effectively events are currently stored for up to 30 days and the dashboard can be filtered on custom time ranges from 30 minutes to up to 72 hours you'll see a count of firewall activity per action or prep CloudFlare service details of the traffic flag or actioned such as IP address user agents or country and an activity log that provides a list of all view sent firewall events organized by date to show the action taken details about the request and the CloudFlare security feature that matched after the rule that we deployed earlier has been running for some time we can now see the rule matching in our analytics let's reduce the time frame to the last 30 minutes expand the filter to show the top 10 rules find our rule and click filter the dashboard is now showing data matching the rule filter only we can see the matched user agent the client IPS the graph displaying the data over time and also the ASN numbers from which the traffic is coming from finally using the activity log we can expand a single event and see all the related event details in this demo you've seen how to use the waffle sets create your own custom firewall rule and visualize threats with firewall analytics now you're ready to get started with a CloudFlare whack to learn more about how the CloudFlare whaff can help you protect your applications sign up for a CloudFlare account at CloudFlare calm

Info

Channel: Cloudflare

Views: 14,198

Rating: undefined out of 5

Keywords: Cloudflare, CDN, DDOS, Security, DNS, Resolver, 1.1.1.1, waf, web application firewall, product, demo, security, protection, tutorial, walkthrough, onboarding, firewall rule, firewall rules, attack, attack vectors, applications, analytics

Id: jxNVOLgaEZM

Channel Id: undefined

Length: 6min 12sec (372 seconds)

Published: Fri May 15 2020