Coming Soon
Forum

Implementing Web Application Firewall

Welcome To Astlan Forums This Website Forum Implementing Web Application Firewall

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • 2020-06-02 at 15:18 #1694
    The Author Guy
    Member
    2020-06-02 at 15:26 #9997
    The Author Guy
    Member

    Hi

    This site is getting attacked pretty frequently by both wizards and rival certain Immortal types, so we are working on implementing a Web Application Firewall and there may be some hiccups/things not working.

    Please email Tizzy and let him know, or post in this topic (if you can)

    Thanks

    T-A-G

    PS, as I work things out, there will be times when it is just monitoring only and times where it is actively protected, so you could see it work one time and then a day later there is an issue.

    2020-06-02 at 15:26 #9998
    Tisslils
    Member

    Cool. Hope you’re getting lots of writing in with everything shut down. Even GRRM is saying he’s making progress because of this.

    2020-06-02 at 15:26 #9999
    The Author Guy
    Member

    It should be great, also no TV.

    But I am in IT and so my clients are working me overtime because now everyone has to work from home and I have to deal with glitches that arrive when people work in uncontrolled environments etc. That’s on my systems side. And on my developer side, I am still overwhelmed because my systems side is taking up too much time.

    But, thank the Five that Netflix has decided to slow down it’s release schedule…that really helps…

    2020-06-02 at 15:26 #10001
    Mikey
    Member

    I’m not seeing a CloudFlare IP on the domain yet?

    2020-06-02 at 15:26 #10002
    The Author Guy
    Member

    Been trying out several things as I have time.

    Previously tried WhiteKnight and am now trying modSecurity, have also been playing with SNORT on the FW.

    The big problem is this site and it’s antiquated software have a lot of bad habits that get it blocked itself by these tools.

    I may end up going to CloudFlare or similar, but the problem is that there are multiple URLs here not just the *.astlan.* but other domains of mine, all of which need to be protected and since I need a paid version of those for the WAF, that is per URL and starts getting expensive.

    As that number adds up, there is ever more incentive to pay someone to port it to another platform (I just don’t have the time) that is more secure and that can more easily be protected.

    I’ve also modernized the OS and the AV/FW local IPS, but this is a rusty bucket of swiss cheese so everything is complicated.

    2020-06-02 at 15:26 #10003
    The Author Guy
    Member

    As a note to everyone, we having some ups and downs as I try to lock down the system.

    ModSecurity seems to be helping, what is not helping is that last week our A/V vendor, who had been doing a good job with their IPS/Firewall stopping stuff, decided to completely upgrade their network stack and it’s caused a lot of havoc on Windows 2019 servers, wasted a lot of time for me with one of my clients and seems to be causing similar issues here.

    The big workaround for most of my clients was to disable the new features and the FW/IPS. Of course, that’s exactly what I need the most at this moment so….

    Please bear with me for the next few days.

    If you want to write a post, I suggest you write it in a text editor, word, or whatever and then copy and paste it in the post box so you can save it quickly and don’t get booted/rebooted or whatever in the middle of a long dissertation.

    T-A-G

    2020-10-29 at 04:10 #10000
    Tisslils
    Member

    Argh, Orcus’ anus.

    Sounds like it’s not going to be easier.

  • Author
    Posts
Viewing 8 posts - 1 through 8 (of 8 total)
  • You must be logged in to reply to this topic.