Skip to main content

WAF Curator

Last update:

Protecting web applications from hacking in partnership with Curator.

The main task of WAF Curator is to block attacks and fix vulnerabilities that are included in the Open Web Application Security Project's ranking of common web application vulnerabilities.

The service is only connected in addition to Curator's basic protection.

Principle of operation

Once the service is connected, application traffic that already passes through Curator's main protection is additionally redirected to Curator's WAF protection system.

For the first two weeks after the service is activated, the system works in monitoring and training mode to learn how to protect your application specifically.To do this, the system studies user behavior and checks traffic for compliance with known types of attacks.

During training, Curator experts independently monitor anomalies and suppress false positives — requests from a real user that the system mistook for an attack.

Based on the collected data, filtering rules are generated and the accuracy of blocking attacks is improved.

When system training is complete, Curator specialists will notify you in a ticket in your Curator personal account and you can enable protection.

Cost

On the day of connection a one-time payment equal to the cost of the selected tariff is deducted.Then the payment is deducted automatically on the first day of each month.The monthly payment includes:

  • subscription fee — a fixed payment for the next month;
  • connecting an additional domain.

If this value is exceeded, each additional Mbps is paid separately.The invoice for additional bandwidth is generated in the control panel within five working days after the end of the calendar month.

Prices for WAF Curator subscription fee, additional Mbps and additional domain connection can be found at selectel.ru.

Bandwidth calculation

Only legitimate traffic — cleaned from malicious requests — is charged.Attack traffic is not counted.

To calculate the bandwidth every minute the volume of outgoing traffic and incoming traffic cleaned by the filtering system is measured.The maximum value for each minute is selected from the obtained values.At the end of the calendar month all values are sorted in descending order.90 maximum values are excluded from the calculation.The remaining value is rounded down to a whole number of Mbit/s — this number is the bandwidth value.If it exceeds 3 Mbit/s, each additional Mbit/s is paid separately.

Connect the service

  1. In the control panel, click Products in the top menu and select DDoS Protection.
  2. Click Order Services.
  3. In the row of the desired rate (Curator — Elementary WAF, Curator — Advisory WAF), click Pay.
  4. Verify the details and click Pay for the service.
  5. We will create a ticket for connection of the service, in which we will specify a convenient day of connection for you.

Working in Curator's personal cabinet

The data for logging into your Curator personal account will be sent to the e-mail address you provided when ordering the Curator Protection service.

In Curator's personal account you can:

Enable protection

When the system training is completed, Curator specialists will inform you about it in your personal cabinet.After that you can enable the attack blocking mode, for this purpose in the WAF section check the Active protection checkbox .

If your application is under attack but system training has not yet been completed, contact Curator Technical Support to discuss enabling attack blocking mode on a case-by-case basis.

Suppress false alarms

During system training, Curator specialists suppress false alarms so that their number during protection operation is minimized.

After training the system, you can independently track false positives using statistics tools.

If you notice a false positive, contact Curator technical support in your personal cabinet and specify the number of the transaction with a false positive.The transaction number can be viewed in the list of transactions in the WAF section.Curator specialists will analyze the anomaly and adjust the model.The filtering rules will be automatically reconfigured, and the system will skip similar requests.You can also suppress false positives yourself.

View statistics

Statistics are available in the WAF section.Here you can see:

  • A dashboard with key traffic metrics;
  • security events grouped by type and threat level;
  • transaction list — requests, responses, errors.

Deactivate the service

To disable WAF Curator, create a ticket.

The service is disconnected on the last day of the calendar month. If you need to disconnect the service earlier, the payment for the current month will not be refunded.

If the bandwidth exceeded 3 Mbps in the last month of the service, an invoice for the additional bandwidth will be generated in the control panel within five business days after the end of the calendar month.

Disabling Curator's WAF does not affect Curator's main defense — it will continue to work.