Web Application Firewall
Web Application Firewall (WAF) protection is important for protecting state assets exposed to the wider internet. It is a highly recommended component for any public-facing web application because, as a Layer 7 defense in the OSI model, it restricts the public inbound traffic that could carry an attack against the infrastructure to traffic arriving from Cloudflare’s IP ranges.
The service provides a scalable and easily implemented set of core protections against common attacks, including SQL injection, cross-site scripting and distributed denial-of-service. These protections are managed and routinely updated at the enterprise level to enable additional protections against the latest exploits. The service is not designed to defend against all types of attacks.
The WAF service is implemented on most web applications using a DNS proxy through Cloudflare. The DNS changes made when implementing Cloudflare can remove the need to expose an individual load balancer or server Intrusion Protection System to the wider internet.
The WAF service includes powerful real-time traffic monitoring tools that identify traffic that may be getting blocked, the type of traffic it is and where it originated.
Request Web Application Firewall
|Support||Get Technical Support. NCDIT Service Desk: 919-754-6000|
NCDIT’s Web Application Firewall service is compatible with most web application configurations.
- WAF typically protects web applications from attacks such as:
  - Cross-site forgery
  - Cross-site scripting (XSS)
  - File inclusion
  - SQL injection
- Detailed features covering Cloudflare’s managed rulesets (Core and OWASP) for filtering inbound web traffic to your applications can be found at:
- Increased security – most malicious traffic will receive a 403 (Forbidden) response and not reach your applications.
- Improved performance – blocking malicious traffic reserves compute cycles and memory for legitimate traffic. Rate limiting rules can optionally be configured so that DDoS or request flood attacks are promptly blocked once requests reach a certain rate within a set time period.
- Simplified management – it’s easier to assess threats, as well as day-to-day application activity, with Cloudflare’s dashboard, which logs application traffic in real time.
To request this service, or for more information, submit a ticket using the NCDIT Service Portal.
Please contact the service team via the NCDIT Service Portal for more information.
Requirements & Customer Responsibility
|Required NCDIT Services||
|Other Technical Requirements & Prerequisites||
|Acknowledgment Time||The service team should acknowledge a service request within about 2-3 business days.|
|Turnaround Time||The service team should be able to complete a well-defined service request within about 2-3 weeks.|
|Suggested For||State agencies|
|Service Support Hours||Support for the service is available 24/7.|
|Service Availability||The service is available 24/7, excluding planned outages and maintenance windows.|
|Standard Maintenance Windows||
|Service Level Agreements||NCDIT Global Service Level Agreement|
The service is funded through appropriated funds, and there is no cost to the agency.
Training & Help
Understanding WAF Managed Rules