How To Disable Web Application Firewall
Site administrators often implement a Web Application Firewall (WAF) to block malicious traffic and protect their systems. However, in doing so, they may inadvertently block legitimate traffic as well. A common example of this is a false positive, where the WAF incorrectly identifies a valid request as a threat. False positives are one of the main challenges for any WAF, as they indicate that the firewall may be overburdened and using excessive resources to perform tasks it shouldn't be. As a result, a significant amount of legitimate traffic is blocked, which can be just as damaging as the attacks the WAF is trying to prevent.
Dealing with false positives can lead administrators to consider disabling the WAF, but doing so comes with its own set of risks. While turning off the firewall may reduce the occurrence of false positives, it also exposes the system to potential security vulnerabilities. The process of fine-tuning or troubleshooting false positives can be time-consuming, but it's crucial to strike the right balance between security and accessibility to ensure that only malicious traffic is blocked, without affecting legitimate users.
The transfer has triggered a web application firewall
This warning is likely to be displayed when one of the transfers taking place over the internet or other network violates policies set down in the firewall. The firewall will then ask you to either add rules, allow the transfer or automatically block the transfer unless you add an exception in the permissions tab.
How to remove web firewall for an application
Some admins almost never leave WAF enabled for a site to expedite the process of website loading. If you want to remove the web firewall from an application, you can do so by logging in to cPanel.
From your cPanel dashboard, go to the "ModSecurity" option under the "Security" tab. Now choose the domain for which you wish to disable it and click on the "off" next to it.
This is also the accepted method for handling false positives.
How to Enable/disable rules in Firewall
You can either disable a specific rule or completely remove arguments from being inspected by a rule. You can also disable a rule for a specific request at runtime, or remove an argument from inspection by any rule for a specific request at runtime.
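The four options above, written as ModSecurity directives. This is an added example, not configuration from the original page; it assumes ModSecurity 2.x with the OWASP Core Rule Set loaded, and the rule ID 942100, the exclusion rule IDs, the paths and the argument names are illustrative.

```apache
# Added example. The four blocks are alternatives for one false positive,
# ordered from broadest to narrowest; use only the narrowest one that
# clears the false positive. Rule ID 942100, paths and argument names
# are illustrative assumptions.

# 1) Configure time: disable one rule for every request.
#    Load AFTER the rule set, because it removes an already-defined rule.
SecRuleRemoveById 942100

# 2) Configure time: keep the rule, but stop it inspecting one argument.
#    Load AFTER the rule set. Every other argument is still inspected.
SecRuleUpdateTargetById 942100 "!ARGS:comment_body"

# 3) Runtime: disable the rule only for requests to one endpoint.
#    Load BEFORE the rule set, so the ctl action has run by the time
#    rule 942100 is evaluated. The rule stays active everywhere else.
SecRule REQUEST_URI "@beginsWith /admin/editor/save" \
    "id:1000001,phase:1,pass,nolog,ctl:ruleRemoveById=942100"

# 4) Runtime: for one endpoint only, remove one argument from the rule.
#    Load BEFORE the rule set. This is the narrowest exclusion: one rule,
#    one argument, one path.
SecRule REQUEST_URI "@beginsWith /account/login" \
    "id:1000002,phase:1,pass,nolog,ctl:ruleRemoveTargetById=942100;ARGS:password"
```

The rule ID to exclude is the one the ModSecurity audit log reports for the blocked request.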
How to block an application in Firewall
To block an application in Firewall, you will need to define a new rule. Open firewall and click settings, then go to advanced settings.
In the advanced tab, click on outbound rule and click New Rule.
To prevent applications from connecting to the internet, define an outbound rule; define an inbound rule to stop external connections from reaching your apps. For example, if you define an inbound rule and restrict connection to the Email app, you will stop receiving mails but may continue sending them. If you define an outbound rule instead, you will not be able to send mails but messages from external mail servers will get delivered to your inbox.
In the New Rules tab, click Programs. Note that we are disallowing an app the access to the internet so choose Programs, not Ports.
As soon as you click Programs, the system will ask you to choose the app from the system menu. Do that and click next.
You have now successfully set up a new rule.
Note - Windows may populate your file path but the Firewall may not yet execute the rules. You need to replace the file path and remove environment variables. Select an absolute path instead. Here's an example.
The environment variable "%USERPROFILE%" has crept into the address. This will create conflicts if executed in the Firewall.
Here, we have removed the environment variable and replaced it with an absolute path. This should work pretty much fine. Execute the new rule with a test variable once.
Web Application Firewall vs Firewall
A web application firewall protects user-facing applications such as websites and APIs from malicious intrusion whereas a conventional firewall shields an entire network against vulnerabilities.
Let us go through the key differences between the two types of firewalls:
1) A WAF focuses mainly on the web application while a firewall focuses on the entire network.
In other words, a WAF monitors the data and traffic going out of and coming to an application. A firewall, on the other hand, secures a network from other untrusted networks.
2) WAFs and firewalls are placed at different locations on the network
A traditional firewall is usually placed on the edge of a network that it aims to protect from other unknown, untrusted networks. A WAF, on the contrary, is placed before web applications and servers it seeks to protect.
3) WAFs and firewalls offer protection against different kinds of threats
A conventional firewall is meant to allow or deny access to networks, whereas a WAF typically focuses on security threats web applications or servers face including DDoS attacks, SQL injection, etc.
4) WAFs and firewalls focus on different layers of the OSI model
While a WAF focuses on the application layer (layer 7) that's closest to the user, a firewall focuses chiefly on the network layer (layer 3) and transport layer (layer 4).
5) WAFs and firewalls have different use cases
WAFs are usually placed in zones that have internet access as they offer protection to web applications and servers. A WAF beefs up the overall security of the network, so it is often used as an add-on, rather than a substitute for a traditional firewall.
A firewall, on the other hand, protects an individual user as well as the network of all users (e.g. LAN). Though an effective tool, it lends protection at the most basic level, which is why it is used along with a WAF to augment the security of a network.
More often than not, a network has multiple firewalls to ensure protection against various kinds of threats at different levels.