WAF Curator
Please note that any website can be subject to DDoS attacks and hacking.
If you host your website (application) infrastructure at Selectel, we recommend that you activate the WAF Curator hacking protection.
To protect against hacking, first protect the site at the network level, then protect the application. To do this, connect Curator Protection (both L3 and L7) and WAF Curator.
Read more about the protections provided by Curator in the article.
WAF allows you to identify and block attacks from the OWASP Top 10 threat list:
- injections;
- broken authentication and session management;
- cross-site scripting (XSS);
- insecure direct references to XML objects and external entities (XXE);
- security misconfiguration;
- broken access control;
- cross-site request forgery (CSRF);
- insecure deserialization;
- use of components with known vulnerabilities;
- unvalidated redirects and forwards;
- insufficient logging and monitoring.
Principle of operation
Curator's integrated WAF solution, based on SolidWall WAF, is a tool for closing web application vulnerabilities. As a member of the broad WAF NG class, it uses a positive model to protect web applications, but unlike others it also contains a negative model of request analysis. This combined approach significantly reduces the resources needed for implementation: any positive model has to be trained, which requires significant time and labor and takes on average 1 to 3 weeks, during which the web resource remains virtually unprotected. Because Curator's solution integrated with SolidWall WAF already has a negative model inside it, it can immediately cut off a wide class of vulnerabilities.
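The combined approach described above, as an added conceptual example (not Curator's or SolidWall's code): a negative model of constructed signatures blocks known-bad requests from the first request, while a positive model learns a per-path parameter profile and enforces it once training ends. The class name, signatures and reason strings are hypothetical.

```python
import re

# Constructed negative-model signatures (known-bad patterns), for illustration only.
SIGNATURES = {
    "sqli": re.compile(r"(?i)['\"]\s*(?:or|and)\s+\d+\s*=\s*\d+|union\s+select"),
    "xss": re.compile(r"(?i)<\s*script|\bon\w+\s*="),
    "traversal": re.compile(r"\.\./"),
}

def value_class(value):
    """Coarse value type used by the positive model."""
    if value.isdigit():
        return "digits"
    if re.fullmatch(r"[\w .@-]*", value):
        return "word"
    return "other"

class CombinedWaf:
    def __init__(self):
        self.profile = {}      # path -> {param: set of value classes seen}
        self.learning = True   # positive model is still being trained

    def negative_hit(self, params):
        for value in params.values():
            for name, rx in SIGNATURES.items():
                if rx.search(value):
                    return name
        return None

    def check(self, path, params):
        """Return (allowed, reason) for one request."""
        hit = self.negative_hit(params)
        if hit:                               # enforced from the first request
            return False, "negative:" + hit
        if self.learning:                     # learn only from traffic that passed
            known = self.profile.setdefault(path, {})
            for p, v in params.items():
                known.setdefault(p, set()).add(value_class(v))
            return True, "learning"
        known = self.profile.get(path)
        if known is None:
            return False, "positive:unknown-path"
        for p, v in params.items():
            if p not in known:
                return False, "positive:unknown-param"
            if value_class(v) not in known[p]:
                return False, "positive:unexpected-value"
        return True, "ok"
```

During the learning window only the negative model blocks; after `learning` is set to `False`, requests that match no signature are still rejected if they fall outside the learned profile.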
Cost
The service is provided under the following tariffs:
- Elementary WAF
- Advisory WAF
The billing period is a calendar month. The subscription fee is charged in full on the 1st day of each month. The start of commercial use of the service is agreed individually.
The traffic bandwidth is measured every three minutes. The 30 highest values in a month (1.5 hours) are not counted. The 31st highest value is taken as the bandwidth value.
The amount of legitimate traffic included in the service package is 3 Mbps. If the included amount of legitimate traffic is exceeded, additional traffic is paid for separately upon use.
Connect the service
- In the control panel, go to Network services → DDoS protection.
- Click Order Services.
- On the desired rate line (Elementary WAF, Advisory WAF), press Pay.
- Click Pay for the service.
- We will send you a ticket with the details. When the protection is activated, we will send you, in the same ticket, the login details for the partner's personal account, where you can customize protection.
Configure protection
To access your Curator personal account, enter the login and password you received in the ticket.
In your personal account you can view:
- monitoring dashboards;
- security events with grouping support;
- the log of blocked transactions.
With the Advisory tariff, the personal account has an option to enable/disable protection and false alarm suppression.
Deactivate the service
To disconnect the service, file a ticket.
The amount of the subscription fee is fixed and does not depend on the duration of services rendered in the reporting period.
30 calendar days before the disconnection, a corresponding notification will be sent in the ticket. Upon agreement, disconnection is possible from the 1st day of the next calendar month. The subscription fee for the current period will not be refunded.