Advanced WAF Features

Modern WAFs offer sophisticated features beyond basic attack blocking. Understanding and implementing these capabilities provides enhanced protection and operational efficiency.

Bot Management distinguishes between good bots (search engines), bad bots (scrapers, vulnerability scanners), and human users:

// Cloudflare Workers bot management
// request.cf.botManagement.score ranges from 1 to 99; lower scores are more
// likely automated. The field is only populated when Bot Management is
// enabled on the zone.
addEventListener('fetch', event => {
  event.respondWith(handleRequest(event.request))
})

async function handleRequest(request) {
  const botScore = request.cf?.botManagement?.score

  // No score available (feature not enabled): pass the request through unchanged
  if (typeof botScore !== 'number') {
    return fetch(request)
  }

  if (botScore < 30) {
    // Likely automated
    return new Response('Access Denied', { status: 403 })
  }

  // Add challenge for suspicious scores
  if (botScore < 50) {
    return fetch(request, {
      cf: { challengeTTL: 300 }
    })
  }

  return fetch(request)
}

API Protection addresses the unique security requirements of REST and GraphQL APIs:

# OpenAPI schema validation, delegated to an external script via the exec action.
# exec runs the script alongside the rule's own (non-disruptive) pass action; the
# script's result does not block the request by itself, so a blocking decision
# must come from a separate rule.
SecRule REQUEST_URI "@beginsWith /api/v1/" \
    "id:100050,\
    phase:2,\
    pass,\
    nolog,\
    exec:/usr/local/bin/validate-api-request.sh"

# Rate limiting per API key (persistent collections require SecDataDir to be set)
SecRule REQUEST_HEADERS:X-API-Key "^(.+)$" \
    "id:100051,\
    phase:1,\
    pass,\
    nolog,\
    setvar:tx.api_key=%{MATCHED_VAR},\
    initcol:user=%{tx.api_key},\
    setvar:user.api_requests=+1,\
    expirevar:user.api_requests=60"

# Block once the per-key counter passes the threshold (100 per minute is an assumed value)
SecRule USER:api_requests "@gt 100" \
    "id:100052,\
    phase:1,\
    deny,\
    status:429,\
    log,\
    msg:'API key rate limit exceeded'"
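The two policies above (bot-score tiers and a per-API-key counter with a 60-second expiry) can be tested outside the WAF runtime as one pure decision function. This is an added example, not code from the page or from Cloudflare or ModSecurity; the thresholds, the 100-requests-per-window limit, the in-memory Map store and the plain `req` object are assumptions for illustration.

```javascript
// Added example (not from the original page). Thresholds, limit and the
// Map-backed store are assumptions chosen for illustration.
const BOT_DENY_BELOW = 30;
const BOT_CHALLENGE_BELOW = 50;
const API_KEY_LIMIT = 100;      // requests per window (assumed value)
const WINDOW_SECONDS = 60;      // matches expirevar ...=60 above

// Fixed-window counter keyed by API key. Each bucket: { count, expiresAt }.
class ApiKeyLimiter {
  constructor(limit = API_KEY_LIMIT, windowSeconds = WINDOW_SECONDS) {
    this.limit = limit;
    this.windowMs = windowSeconds * 1000;
    this.buckets = new Map();
  }

  // Count one request; returns true while the key is within its limit.
  hit(apiKey, nowMs) {
    let bucket = this.buckets.get(apiKey);
    if (!bucket || nowMs >= bucket.expiresAt) {
      // First request of a new window (or the old one expired): start over
      bucket = { count: 0, expiresAt: nowMs + this.windowMs };
      this.buckets.set(apiKey, bucket);
    }
    bucket.count += 1;
    return bucket.count <= this.limit;
  }
}

// Decide what to do with one request. `req` is a plain object (constructed
// input, not a Workers Request): { path, botScore, apiKey }.
// Returns 'deny' | 'challenge' | 'rate_limited' | 'allow'.
function decide(req, limiter, nowMs) {
  // A bot score is only present when Bot Management is enabled; treat a
  // missing score as "no opinion" rather than as a bot.
  if (typeof req.botScore === 'number') {
    if (req.botScore < BOT_DENY_BELOW) return 'deny';
    if (req.botScore < BOT_CHALLENGE_BELOW) return 'challenge';
  }
  // Per-key limit applies only to API routes that carry a key
  if (req.path.startsWith('/api/v1/') && req.apiKey) {
    if (!limiter.hit(req.apiKey, nowMs)) return 'rate_limited';
  }
  return 'allow';
}
```

Because the window resets only when the first request's expiry passes, a key that is limited stays limited until then; a sliding-window or token-bucket store is the usual next step when burst tolerance matters.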