SecureCDN WAF Traffic Analysis System Update

By Yaniv Parasol

Over the last few months, we've deployed a major upgrade to the SecureCDN WAF Traffic Analysis System, making it even more accurate, improving the overall performance, and making it easier for customers to understand. 

Here’s How the Traffic Analysis System Works

How The Traffic Analysis System Works

Each request snapshot is sent to the Traffic Analysis System, which tags and classifies the requestor and then sends back the details to each of our network PoPs. When a human user or bot tries to interfere with your website, our analysis system tags them. This reputational data is then shared across all of our sites.

Here’s How It’s Improved

StackPath’s web application firewall (WAF) has a 2-tier architecture. The first tier is the WAF layer located in each point of presence (PoP) on our network. The second tier is our central security cloud, called the Traffic Analysis System. It’s this second tier that we’ve upgraded during our recent deployment.

Traffic Analysis System Improvements:

  • Better overall performance
  • The ability to analyze all types of requests (not just dynamic ones)
  • Superior heuristics by converting condition-to-action based analysis with full heuristics classes
WAF Statistics
WAF Firewall Policies
 

Rules Management and Naming Improvements:

  • Our security rules were upgraded, resulting in a great improvement in the detection of malicious traffic and a decrease in the number of false positives.
  • Rule name has changed from "Block Non-Browser Bots" to "Force Browser Validation on Traffic Anomalies."  This name better describes the situation we want to mitigate.
  • New rule called "Challenge Automated Clients" replaces the rule "Automated Browser Bots."
  • New rule called "Challenge Headless Browsers" replaces the rule "Block Headless Browsers."

Upcoming Updates & Improvements

The current changes enable us to introduce additional functionality that will provide our customers with sophisticated, next-generation website security protection. These additions will include:

  • Tag support on our custom rules engine with richer functionality
  • Rate limitation
  • API protection

If you have any questions about the upgrade, you’re invited to chat with our 24x7 support team here.

Start 15-day Trial

Every Secure Content Delivery Plan includes WAF and DDoS mitigation.

Choose plan