Get a free application, infrastructure and malware scan report - Scan Your Website Now

Managed WAF

What’s New in AppTrana? – A look into The Most Noteworthy WAF Updates In 2020

Posted DateMarch 15, 2021
Posted Time 4   min Read

The year 2020 came with a whole new level of security incidents due to the sudden push to acceleration of digital transformation. While the digital assets faced dark trends, we are on the mission to make our web application firewall safer, in the name of maintaining your web apps safe from hackers. As a result, our product AppTrana gains few exciting new updates, making your application security experience even better. This blog will explain the recent significant updates in our WAF product.

1.    Block Traffic from TOR IPs

The TOR, an acronym for “The Onion Router” is a system, which enables anonymous communication by masking the IP address of the user through encryption technique and a set of anonymous and private connections. Though TOR has legitimate uses, in practice the traffic from this network is tremendously malicious. Due to its large number of illegal uses, most businesses want to block access from TOR IPs.

Blocking traffics from the TOR network can block attackers from conducting system exploitation using the TOR network. On the other hand, if your site has a minimum risk of fraud, blocking TOR could restrict some legitimate users.

AppTrana WAF has updated a feature called TOR IP setting, which helps the customer to allow or block the traffic coming from TOR IPs.

1. Block Traffic from TOR IPs

By default, the TOR IPs are allowed to visit websites; customers have to unselect this option to block the traffic.

2.    Customize File Upload

Many hackers try to upload viruses, code, or malware as file attachments while uploading files in form submission. AppTrana took an initiative to defend your network and beat such threats. We have introduced different file upload settings in the WAF profile. Through this, customers can restrict the file uploads to certain formats and defend the application against infected file uploads.

2. Customize File Upload

In addition, to allow or deny whether the end-user can upload media files or the documents on their website, they can define the maximum file size to be allowed.

Four options for granting access to files on their website are:

Option Action
1 Block File Uploads blocking upload of all files by unselecting Allow File Uploads
2 Allow All Files blocking upload of non-document files & non-media files
3 Allow Documents blocking upload of non-document files
4 Allow Media Files blocking upload of non-media files

 

3.    Brand-new Email Alert Functionalities

AppTrana WAF is a risk management solution that monitors incoming and outgoing traffics of web applications and sends a notification to the customer when any alerts are triggered. Customers can customize alert rules to define how and when it sends an alert notification. As the alert notification has been inbuilt with the product; it’s time to upgrade to modern infrastructure, which will enable you to receive even better alerts into security events.

Here is the list of email alerts recently introduced in AppTrana:

Alerts Description
1 SSL Certificate Expiry Alert Emails SSL Certificate expiry alert email will be sent to all associated users that are administrators, view-only users, and website administrators.
2 WAF status change Alert Emails When there is a change in the WAF status for the web application, an alert email will be sent to all users.
3 WAF Bypass Alert Emails Whenever WAF is Bypassed or Unbypass, an alert email will be sent to all users.

 

4.    Updates on Traffic Summary

A new addition to the report section. Our web application firewall’s traffic summary has been enhanced with top 5 country details. WAF Customers can see the top 5 countries from where their web application is being visited. This is in an addition to the top 5 URI and top 5 IP in the traffic summary table. Also, help the customers to identify the most active regions.

AppTrana

 

By using AppTrana WAF, customers can develop a customized list to handle an automated approach for geographic blocking.

5.    WAF Rule Updates

AppTrana’s preconfigured rules are complex rules with a myriad of signatures, compiled from regulatory standards. Along with this, we have added a new set of rules, which not only ensures better protection coverage, but also aids customers to stay on top of the more sophisticated vulnerabilities.

The table depicts examples of few added WAF rules:

Rule Title Update
1 Improved Cross-site Scripting Attacks Cross-site scripting attacks category has been improved to provide protection from various advanced cross-scripting attacks such as XSS JavaScript injection, Angular JS client-side injection, HTML injection, attribute injection, and modification of JavaScript global variable.
2 DoS/DDoS IP Threshold Based Policy v2.0 This category has improved upon the basic DoS/DDoS protection provided by AppTrana to protect web-application against advanced DDoS attack.
3 Revamped Bot attacks Bot Attacks signature has been revamped as well as new bot signatures like crawler and scrapper signatures are added to continuously protect web application from the emerging bot attack.

 

As a leading security service company, Indusface strives to enhance and develop new features and aims to remain a company, which can deliver proactive security solutions to contribute to the cyberspace revolution. With these new updates and innovative features, it is possible for our customers to instantly start defending their web applications and servers.

Stay tuned for more product updates. If you want a deep dive into what’s new in our fully managed WAF product, feel free to connect with us.

web application security banner

 

Vinugayathri - Senior Content Writer
Vinugayathri Chinnasamy

Vinugayathri is a dynamic marketing professional specializing in tech content creation and strategy. Her expertise spans cybersecurity, IoT, and AI, where she simplifies complex technical concepts for diverse audiences. At Indusface, she collaborates with cross-functional teams to produce high-quality marketing materials, ensuring clarity and consistency in every piece.

Share Article:

Join 51000+ Security Leaders

Get weekly tips on blocking ransomware, DDoS and bot attacks and Zero-day threats.

We're committed to your privacy. indusface uses the information you provide to us to contact you about our relevant content, products, and services. You may unsubscribe from these communications at any time. For more information, check out our Privacy Policy.

Related Posts

types of cyberattacks a waf is designed to stop
8 Types of Cyberattacks a WAF is Designed to Stop

8 common types of cyberattacks a WAF is designed to stop. Indusface WAF allows custom rules, prevents business logic flaws, assures zero false positives.

Read More
SQL Injection attacks
How to Prevent SQL Injection Attacks?[7 Best Practices]

Discover how to prevent SQL injection attacks with techniques like input validation, restricting database privileges, parameterized queries, and deploying WAF.

Read More
How a WAF Works?
How Does a WAF Work?

A Web Application Firewall (WAF) enhances cybersecurity by filtering and blocking malicious traffic, protecting web applications from attacks like SQLi and XSS.

Read More

AppTrana

Fully Managed SaaS-Based Web Application Security Solution

Get free access to Integrated Application Scanner, Web Application Firewall, DDoS & Bot Mitigation, and CDN for 14 days

Get Started for Free Request a Demo

Gartner

Indusface is the only cloud WAAP (WAF) vendor with 100% customer recommendation for 4 consecutive years.

A Customers’ Choice for 2024, 2023 and 2022 - Gartner® Peer Insights™

The reviews and ratings are in!