WAF Implementation

Hi all,

I am after some guidance on how I would possibly implement a WAF on my applications.

Currently we run some PHP based applications on a Rackspace server. These applications have their own SSL certificates.

How exactly will the WAF work with data being encrypted by SSL? Having read through some of the help articles, from my understanding CF would provide their own SSL certs that I would need to use in place of the existing ones - is this correct?

Also what changes would we need to make to the domain in terms of domain records?

See:

https://support.cloudflare.com/hc/en-us/articles/205177068

https://www.cloudflare.com/learning/cdn/glossary/reverse-proxy/

CF is a reverse proxy: all traffic going to your website goes to Cloudflare instead of your server. CF has its own TLS certificates for the domain and decrypts the connection so it can provide the features it does (WAF, DDoS protection, caching, etc). If a request is not malicious, CF establishes its own TLS connection with your actual server and sends the request through that.

For most use cases, CF will become your authoritative DNS provider and will handle managing the records for you; in this case, the DNS tab allows you to choose whether or not you want a DNS record to go through the CF proxy.

If you want to keep control over your DNS and just use CF for some web properties, there is CNAME setup.

1 Like

Hi Judge, thanks for your input on this.

I just have a few more questions:

  1. How quick/easy is it to disable the firewall and revert back to traditional routing?
  2. Is there a demo version I can use (or maybe a video of the WAF in action)?
  3. What is involved in the setup process? Is everything done in CF or do I also need to make any changes on my end?

  1. When you use Cloudflare DNS, you can move a record back to “DNS only” mode (disabling the proxy) with a single click, and soon clients will stop going through CF to access the origin (TTL for DNS records is usually 5 minutes).

  2. There might be a demo if you talk to Sales but I can’t say for certain. If you’d like to just see it work:

  3. The setup requires changing nameservers at the registrar - see the full process at https://support.cloudflare.com/hc/en-us/categories/200275218

If you would like more targeted answers it might be worth it to contact sales - https://www.cloudflare.com/lp/overview-x/

1 Like

Thanks @Judge. At this stage I am carrying out an initial analysis of different WAF solutions, to determine which one ticks most of the boxes. I have a few more questions for you:

  1. Can it send out alerts when x criteria is met? I.e. if a certain rule is breached?
  2. What impact, if any, will routing our traffic through the WAF have on our application performance? Say for example users are uploading large files, I’m guessing the WAF needs to analyse these files?
  3. Are there any graphs / reporting tools where we can see an overview of traffic monthly?

Thanks.

@Judge are you available to advise on the above please?
