Your Perfect Cybersecurity Partner

Stay Connected:

Image

Is CDN WAF enough to protect your web application?

What would you say if we told you that certain service was at USD 1.53 Billion in 2016 and is expected to reach USD 7.63 Billion by 2022.Is not this an exponential increase? Yes, that service is CDN WAF. Most business owners feels that if they install CDN WAF they are secure. Allow us to bust this myth. So, let’s deep dive.    

Your website's users are protected by CDN security. By using CDN you can enhance the overall experience of visiting your website. DDoS mitigation, enhancements to security certifications, and other optimizations may be provided by a CDN. Hackers are typically high levels of intelligence that they find new and innovative ways to attack systems—their  job is to get smarter. We must also think strategically or we should have one strategically-minded person.

What is CDN aka content delivery network?

A content delivery network (CDN) is a collection of servers that collaborate to quickly distribute Internet content. A CDN speeds up the delivery of assets like HTML pages, javascript files, stylesheets, photos, and videos that are needed to load Internet content. CDN services are gaining in popularity, and they now handle the majority of online traffic, including traffic from major websites like Facebook, Netflix, and Amazon. A properly constructed CDN may help protect websites from damaging attacks such as Distributed Denial of Service (DDoS) (DDOS).

Common method to bypass CDN WAF

When a web application uses CDN example cloudflare, it hides your origin server IP addresses for traffic you proxy to Cloudflare. Cloudflare will block an attacker attempting to use malicious payloads or files to execute on the main app. Even if an attacker tries with an IP address that he got by domain reverse lookup, it will show "Direct Access is not allowed."

What if you could directly connect to the Origin Server without passing through Cloudflare's protection? Then the app will have no protection via Cloudflare’s firewall and we can now test for various vulnerabilities like XSS and SQLI.

Tool to find the real IP behind CDNs/WAFs like Cloudflare:

  • Lilly
  • Sometimes SPF/DMARC/DKIM records
  • karma_v2

If your origin ip exposed server was completely naked, no WAF.

Advantages of CDN:

Reduce the server's load

Remember that a content delivery network (CDN) is a globally distributed network of servers. The material is not stored on a single primary server, but rather on client devices that retrieve data packets. Because of the intentional placement of servers over huge distances, no server is at risk of being overloaded. This frees up total capacity, allowing multiple concurrent users to be served, while also lowering bandwidth and delivery costs.

Lower Network Latency and Reduce Packet Loss

Packets are used to transport data across devices on the internet, such as from a website to an end-user. Along with the application or website data, these are small units of data that contain information about the source and destination network addresses, error detection and correction rules, protocol identifiers, and more. If these packets must travel over long distances and across multiple devices before reaching the end user, some may be lost. They could be delayed, increasing latency, or they could arrive at the end-user in a different order than planned, causing jitter. All of these factors contribute to a less-than-ideal end-user experience, especially when transmitting high-definition video, audio, or live streaming material. Consider concerns like out-of-sync audio, display distortions, and choppy audio, among others.

Improve Website Performance and Speed

Businesses that rely on their websites to deliver material rapidly can benefit greatly from CDNs. Consider an e-commerce company that has to convert visitors to customers and increase sales as rapidly as possible. Users may bounce off the web page, quit the site, or even go to a competitor's website if there is a considerable delay in page load times. By caching content on CDN servers nearest to end-users, a business can offer high-performance website content quickly. This content can contain HTML code, image files, dynamic content, and JavaScript. As a result, when a website visitor requests a page or piece of material, they don't have to wait for the request to reach the origin server. They can obtain web content from the servers closest to them, reducing user wait time and enhancing company web performance.

The other side of CDN:

An additional layer between the user and the website

Unless your site has a lot of spam and has to be protected, or is frequently targeted by hackers with DDoS, I don't see the use in adding another layer of security.

False-positive

Too many false positives were the most major downsides of CDN that I had previously encountered. Many of my users have already raised their concerns with being blacklisted. A captcha has to be solved in order to view the site's content. Due to high-security settings, CDN is concerned about site owners being locked out. Though you can whitelist your IP for your site, you will be whitelisting your IPs the majority of the time if you are not on a connection with a static IP or if your IP changes frequently (like it does in India).

Cloudflare Host Support

If your code validates a user based on IP address, you'll need to adjust the way CDN passes IP with CDN. The user who is accessing your site is not connecting directly to the server. As a result, unlike without CDN, the user's IP address is not directly accessible in the code. In order for the code to function as it did before CDN, a web server module must be added. If you're using shared hosting, you'll need to see if your host supports CDN, but most do. If you're using a Virtual Dedicated Server or a Dedicated Server, you'll either need to add CDN modules to the webserver (Apache) or adjust the code to support CDN approach of retrieving user's IP.

 

Why Do You Need External Testing

External penetration testing is a must if you've implemented new applications or infrastructure or if you've made significant changes to your existing infrastructure. Your systems can be put through their paces in the safest possible environment. During the test, you can see how the system responds to threats, and you can identify any potential weaknesses or vulnerabilities. Hackers typically target the following:  

Errors in data structures,

  • Unsafe conditions
  • Errors in the code 
  • Vulnerabilities in operation 
  • Incorrect service configurations  

There are no negative effects on your operation because this is a simulation. Hackers are likely to attack or exploit your security flaws in this test. A predetermined scope and timing for your penetration test will allow you to focus on specific areas of your cybersecurity system that need improvement.

Advantage of penetration testing

To summarize, As we often say in the security industry, a chain is as strong as its weakest link. No matter how much time you’ve spent configuring CDN, it can be bypassed if your web app can be directly reached through the server IP by our misconfiguration, then all protections offered by CDN are also bypassed. They become totally useless as you’re not protected anymore.

The major reason penetration testing are important for an organization's security is that they teach employees how to deal with any form of malicious break-in. Pen tests are used to determine whether a company's security practices are truly effective. To know further on how Briskinfosec can help you out on pentest. Reach us out.