How To Disable Web Application Firewall
Site administrators introduce a Web Application Firewall (WAF) to block malicious requests before they reach the application. In the process it may also block some legitimate traffic: a false positive is a valid request that happens to match a blocking rule. False positives are the natural enemy of any WAF deployment. Each one means a legitimate user was turned away, and a rule set that fires constantly also burns CPU and administrator time on events that are not attacks. The damage from a badly tuned WAF can be nearly as bad as the damage from an attack, so it is tempting to turn the WAF off. Disabling the WAF does eliminate false positives, but it also removes protection from every request. The lower-risk fix is to find the rule that misfires and exclude only that rule, or only the parameter it chokes on; the sections below cover both the blunt switch and the narrower exclusions.
The transfer has triggered a web application firewall
This message is shown by a server-side WAF (typically ModSecurity on a shared host) when a request it inspected matched a blocking rule, for example a form post or file upload whose content looked like an injection attempt. The request is dropped before it reaches the application and the visitor sees this page instead of a response. The visitor cannot override it. The site administrator resolves it by looking up the rule ID that matched in the WAF's hit list or audit log and then either disabling that rule for the domain or adding an exclusion for the request that triggered it.
How to remove web firewall for an application
Some admins leave the WAF disabled for a site because they believe it slows page loading; the cost is usually small and the trade is a loss of protection for every request. If you nevertheless want to remove the web firewall from a cPanel-hosted application, log in to cPanel.
From the cPanel dashboard, open "ModSecurity" under the "Security" section. The page lists your domains with an On/Off toggle for each; choose the domain you want to disable and click "Off" next to it.
This turns the WAF off for the whole domain. It stops false positives only because nothing is inspected any more, so it is a stopgap rather than the accepted way to handle them. The accepted way is to disable or narrow the single rule that misfires, as described in the next section.
How to enable/disable rules in Firewall
ModSecurity offers four levels of exclusion, from broadest to narrowest. You can disable a specific rule everywhere, or keep the rule but remove a named argument from what it inspects. You can also make either change at runtime, for matching requests only: disable a rule only for requests that meet a condition such as a URI prefix, or remove an argument from a rule's inspection only for those requests. Prefer the narrowest exclusion that stops the false positive, and revisit it once the application behaviour that triggered the rule is fixed.
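The four exclusion levels written out as an Apache include file for ModSecurity v2. This is an added example, not configuration from the original page or from any hosting control panel; the rule ID 941100 (an OWASP Core Rule Set XSS rule), the local rule IDs 10001 and 10002, the path /blog/post and the parameter name "body" are assumptions chosen for illustration.

```apache
# Added example: ModSecurity v2 rule exclusions for a false positive.
# 941100, 10001, 10002, /blog/post and ARGS:body are assumed values.

# 1. Disable one rule everywhere. Must appear AFTER the rule set include,
#    because it edits a rule that already has to exist.
SecRuleRemoveById 941100

# 2. Keep the rule, but stop it inspecting one argument everywhere.
#    Also placed after the rule set include.
SecRuleUpdateTargetById 941100 "!ARGS:body"

# 3. Runtime exclusion: disable the rule only for requests under /blog/post.
#    Runs in phase 1, so it must appear BEFORE the rule set include in
#    order to take effect before the phase 2 rule is evaluated.
SecRule REQUEST_URI "@beginsWith /blog/post" \
    "id:10001,phase:1,pass,nolog,ctl:ruleRemoveById=941100"

# 4. Runtime exclusion, narrowest: for requests under /blog/post only,
#    remove the single argument "body" from the rule's inspection while
#    every other parameter is still checked.
SecRule REQUEST_URI "@beginsWith /blog/post" \
    "id:10002,phase:1,pass,nolog,ctl:ruleRemoveTargetById=941100;ARGS:body"
```

In a deployment you would use exactly one of these, not all four; option 4 is the one to reach for first. Check the file with `apachectl configtest` (or `httpd -t`) before reloading, and confirm in the audit log that the rule no longer fires for the legitimate request while still firing for a deliberately malicious one.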
How to block an application in Firewall
To block an application in Windows Defender Firewall you define a new rule. Open Windows Defender Firewall, click "Advanced settings", and in the Advanced Security console select "Outbound Rules" and then "New Rule".
Outbound rules stop a program on your machine from opening connections to the internet; inbound rules stop external hosts from connecting to a program that is listening on your machine. Pick the direction by asking who initiates the connection. A mail client initiates the connection in both cases (it connects to the server to fetch mail and connects to the server to send it), so an outbound block rule stops both sending and receiving, while an inbound rule has no effect on it because it never accepts connections. An inbound rule is the right tool for software that listens, such as a local web or file-sharing server.
In the New Outbound Rule wizard, choose "Program" as the rule type. We are denying one application access to the internet, so choose Program, not Port.
On the next page, browse to the program's executable (or paste its full path) and click Next. Choose "Block the connection", keep the profiles you need selected, give the rule a name, and click Finish.
You have now set up a new rule.
Note - Windows may fill in the program path for you, but the Firewall may not apply the rule as entered. When the filled-in path contains an environment variable such as "%USERPROFILE%", replace it with the absolute path. For example, a path that was filled in as "%USERPROFILE%\AppData\Local\App\app.exe" should be changed to "C:\Users\<name>\AppData\Local\App\app.exe" (illustrative path; use your own).
With the variable replaced by the absolute path, the rule applies as expected. Test it once by starting the program and confirming that it can no longer reach the internet.
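The same rule created from an elevated PowerShell session, as an added example that is not part of the original page. It expands the per-user variable in the shell, so the rule stores an absolute path and the conflict the note above describes never arises. The program path under the user's profile and the rule name are assumptions.

```powershell
# Added example: block one program's outbound traffic with Windows Defender
# Firewall. The executable path and rule name below are assumptions.

# Expand %USERPROFILE% here, in the shell, so the stored rule holds an
# absolute path rather than the variable itself.
$program = Join-Path $env:USERPROFILE 'AppData\Local\ExampleApp\app.exe'

# A rule for a path that does not exist blocks nothing, so check first.
if (-not (Test-Path -LiteralPath $program)) {
    throw "Program not found: $program"
}

# Outbound + Block stops the program from initiating any connection,
# which for a client such as a mail program stops both sending and
# receiving. Use -Direction Inbound only for software that listens.
New-NetFirewallRule -DisplayName 'Block ExampleApp outbound' `
    -Direction Outbound `
    -Program $program `
    -Action Block `
    -Profile Any `
    -Enabled True

# Verify: the stored Program value should be the absolute path, with no
# environment variable left in it.
Get-NetFirewallRule -DisplayName 'Block ExampleApp outbound' |
    Get-NetFirewallApplicationFilter |
    Select-Object -ExpandProperty Program
```

Remove the rule with `Remove-NetFirewallRule -DisplayName 'Block ExampleApp outbound'` when it is no longer needed. If the program lives under the user's profile, the rule is only correct for that user; a program installed under Program Files gets a path every user shares.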
Web Application Firewall vs Firewall
A web application firewall protects user-facing applications such as websites and APIs from malicious requests, whereas a conventional firewall controls which traffic may pass between networks.
Let us go through the key differences between the two types of firewalls:
1) A WAF focuses on the web application while a firewall focuses on the entire network.
In other words, a WAF inspects the requests coming to an application and the responses going out of it. A firewall, on the other hand, separates a network from other untrusted networks.
2) WAFs and firewalls are placed at different locations on the network
A traditional firewall is usually placed at the edge of the network it protects, facing unknown, untrusted networks. A WAF is placed in front of the web applications and servers it protects, typically as a reverse proxy or as a module in the web server itself.
3) WAFs and firewalls offer protection against different kinds of threats
A conventional firewall allows or denies access based on addresses, ports and protocols, whereas a WAF looks at the content of HTTP requests for threats such as SQL injection and other attacks on the application, including some application-layer denial of service.
4) WAFs and firewalls focus on different layers of the OSI model
A WAF works at the application layer (layer 7), the one closest to the user, while a traditional firewall works chiefly at the network layer (layer 3) and transport layer (layer 4).
5) WAFs and firewalls have different use cases
WAFs are placed in internet-facing zones, since they protect web applications and servers exposed there. A WAF adds to the overall security of the network, so it is used as a complement to, not a substitute for, a traditional firewall.
A firewall, on the other hand, protects both an individual host and the network of all hosts behind it (e.g. a LAN). It is effective, but it works at the most basic level of the stack, which is why it is paired with a WAF for traffic the WAF can actually understand.
More often than not, a network has several firewalls to protect against different kinds of threats at different levels.