WAF (Web Application Firewall) Rules Auto-Configurator

The Web Application Firewall (WAF) is one of the key elements of Imunify’s web server protection system. It contains hundreds of rules to protect against all known (and some as-yet unknown) vulnerabilities. 

Our rule-intensive WAF provides excellent protection, but it does have potential drawbacks. The more rules are included, the more resources Imunify can consume, and the slower the server can get. Also, including more rules can increase the number of false positives, or erroneously identified “threats.” How could the WAF include enough rules to provide great protection, without slowing down the server or generating more false positives? That’s the challenge the Imunify development team set out to meet, and they did it with Imunify’s new WAF Rules Auto-Configurator. 

The WAF Rules Auto-Configurator configures rules for particular sites, based on the CMSes they run. For instance, if a site is running WordPress, then Imunify applies a set of rules optimized to protect WordPress sites. Rules for Joomla, or Drupal, or any other CMS aren’t used. By the same token, if a site runs Drupal, then Drupal-specific rules are applied. 

Examining The Benefits

Let’s examine the benefits of Imunify’s new WAF Rules Auto-Configurator in detail: 

• Fewer False Positives
  False positives usually occur when WAF rules designed to protect application stops legitimate requests to access an updated version of the same application. Or, when rules that protect one application stop normal requests to access another. By applying application-specific rulesets precisely, the WAF Rules Auto-Configurator reduces the number of false positives identified by Imunify360.
• Lower Resource Usage
  Because a server running the WAF Rules Auto-Configurator has fewer rules to process, it uses fewer CPU resources and less memory. This enables it to serve more requests with its existing hardware. 
• Fully Automated Management
  The WAF Rules Auto-Configurator is fully automated. It recognizes the CMS being used on a particular domain, then determines the optimal set of rules for that CMS. It also continuously tracks the installed version, and tunes the optimal set of rules to correspond to that version.

How To Enable It

To enable the WAF Rules Auto-Configurator, follow these instructions:

1. Navigate to the Settings page, then click the General tab.
   
   
   
   
2. Scroll down to WAF Settings, then enable the “Apply CMS-specific WAF Rules” option.
   
   
   
   
3. Save these changes

To enable it from the CLI, just run this command:

imunify360-agent config update '{"MOD_SEC": {"app_specific_ruleset": true}}'

It can take some time to scan all software on the server and reconfigure ModSecurity rules in an optimal way. To speed up the process, run this command:

/opt/alt/python35/share/imunify360/scripts/update_components_versions.py --update-modsec-rulesets

Please Share Your Feedback

The Imunify product team would like to hear from you. To share your ideas and observations on Imunify’s web server protection system, please send them to us at feedback@cloudlinux.com.

If you have questions on how to use Imunify360, or you’d like to resolve a support issue, please contact the Imunify360 support team at cloudlinux.zendesk.com.