Recently, we ran into a small problem with a website we manage. The client was trying to connect a new service to their site and it was getting blocked by our firewall rules. This can be frustrating, but a few tweaks on my part fixed the issue.
The fix involved adding an exception for the service, but NOT turning off the firewall rules. These firewall rules are an essential part of our maintenance service. Here’s why WAF Firewall rules are so important for your site’s health.
What are WAF Firewall Rules?
WAF stands for “web application firewall.” So yeah, it’s like saying “ATM machine”. This firewall uses a set of rules to decide whether to allow, block, or challenge traffic trying to get to your website (your web application). It’s a line of defense that tries to prevent bad actors from accessing your site.
A bouncer for your website
Think of your website like your business’ actual location. Let’s face it, your website lives in a bad part of town. There are constant security threats to your site. The worst-case scenario is that someone with bad intentions gets INSIDE your website. So you hire a bouncer to stand out front and screen anyone who wants to come in.
Whitelisted VIPs
The first part of our firewall rules is a whitelist. This is like the VIP list that immediately lets people skip the line and get straight in. This means that bots like Google, Bing, Apple, and other known legit crawlers don’t get blocked. Blocking these could cause big problems for your site, so we let them through.
International traffic
Since most of our clients are local businesses, we put up a challenge to any internationally based traffic. If they’re a human, they just check a box. But if they’re a bot, they will fail the challenge and get blocked.
Bad actors
We have a frequently updated list of sources we’ve identified as spammers and attackers. We put up a challenge for these visitors, and most prove to be bots and get blocked.
Logins
Anytime a visitor tries to access the login page for the site, they have to pass a challenge. This even applies to us! Every time we go to log in, we have to check a box proving we’re human. This is like putting a second bouncer at the door to the back of the house, protecting the most important assets.
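The four rules above, plus the kind of scoped exception mentioned in the opening paragraph, can be modeled as a first-match rule list. This is an added example, not code from the original post or from Cloudflare; the IP ranges, home country, /wp-json/partner/ path, verified_bot flag and the exact rule order are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

# All values below are constructed for illustration (documentation IP ranges).
HOME_COUNTRY = "US"
BAD_ACTORS = [ipaddress.ip_network("203.0.113.0/24")]
LOGIN_PATH = "/wp-login.php"  # standard WordPress login path
# Scoped exception: one source range AND one path prefix, nothing broader.
EXCEPTION_NET = ipaddress.ip_network("198.51.100.16/28")
EXCEPTION_PATH = "/wp-json/partner/"  # hypothetical endpoint for the new service


@dataclass
class Request:
    ip: str
    country: str
    path: str
    verified_bot: bool = False  # assumed to be set by the WAF, never by User-Agent


def in_any(ip, networks):
    """True if the address falls inside any of the given networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


def is_exception(r):
    """Both conditions must hold, so the exception cannot cover other paths."""
    return in_any(r.ip, [EXCEPTION_NET]) and r.path.startswith(EXCEPTION_PATH)


# Ordered rules: the first match decides the action.
RULES = [
    ("allowlist", lambda r: r.verified_bot, "allow"),
    ("service-exception", is_exception, "allow"),
    ("international", lambda r: r.country != HOME_COUNTRY, "challenge"),
    ("bad-actors", lambda r: in_any(r.ip, BAD_ACTORS), "challenge"),
    ("login", lambda r: r.path.startswith(LOGIN_PATH), "challenge"),
]


def evaluate(req):
    """Return (rule_name, action) for the first matching rule."""
    for name, match, action in RULES:
        if match(req):
            return name, action
    return "default", "allow"
```

Because the exception matches on source range and path together, the same service hitting the login page is still challenged, which is the difference between adding an exception and turning the rules off.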
Why are WAF Firewall rules important?
There are two big reasons that we implement these firewall rules.
Preventing congestion
First, it makes our hosting more efficient. Imagine if your building was flooded with people trying to get in and look around. At a certain point, there are too many people for everyone to move around and do any actual business. In website terms, this would mean your server resources are maxed out and your site crashes. If you realized that 90% of the people in your business were either there to waste time OR to actively try to break into your safe, you’d want the bouncer to start blocking some of those folks.
Keeping you safe
The second, and most important, reason is security. The best way to prevent someone cracking your safe is to stop them from getting in the building in the first place! The firewall rules we put in place stop MOST bad actors from ever accessing your site at all.
Cloudflare WAF Firewall
To continue the metaphor, imagine if you could hire a group of bouncers that lined up along the city limits and blocked bad actors THERE! This is essentially what Cloudflare’s WAF does. It filters traffic at the edge, long before it ever even gets to your site’s server.
Is your site safe?
If you’re not sure whether your site has this kind of security in place, reach out to us today. We have a great hosting & maintenance plan for your WordPress website!