Skip to main content

WAF Curator

Last update:

Protection of web applications against targeted attacks in partnership with Curator.

The main task of WAF Curator is to block attacks and eliminate vulnerabilities included in the OWASP Top Ten project's list of common web application vulnerabilities. .

The service is provided only as an add-on to the Curator Protection service.

How it works

After enabling the service, application traffic that is already passing through the basic Curator protection is additionally redirected to the WAF Curator protection system.

For the first two weeks after the service is enabled, the system operates in monitoring and learning mode to learn how to specifically protect your application. To do this, the system analyzes user behavior and checks traffic for compliance with known types of attacks.

During the learning phase, Curator specialists independently monitor anomalies and suppress false positives—requests from real users that the system mistakenly identified as an attack.

Based on the collected data, filtering rules are generated and the accuracy of attack blocking is improved.

Once system learning is complete, Curator specialists will notify you via a ticket in the Curator control panel, and you will be able to enable protection.

Pricing

On the day of activation, a one-time payment equal to the cost of the selected plan is charged. Then, the payment is automatically charged on the first day of each month. The monthly payment includes:

  • monthly fee — a fixed payment for the next month;
  • connecting an additional domain.

The plan includes 3 Mbps of bandwidth. If this value is exceeded, each additional Mbps is paid for separately. An invoice for the additional bandwidth is generated in the control panel within five business days after the end of the calendar month.

Pricing for the WAF Curator subscription fee, additional Mbps, and connecting an additional domain can be found on selectel.ru.

Bandwidth calculation

Only legitimate traffic—traffic cleared of malicious requests—is billed. Attack traffic is not taken into account.

To calculate bandwidth, the volume of outgoing traffic and incoming traffic, cleaned by the filtering system, is measured every minute. The maximum value for each minute is selected from the obtained values. At the end of the calendar month, all values are sorted in descending order. The 90 highest values are excluded from the calculation. The remaining value is rounded down to the nearest whole integer in Mbps—this number is the bandwidth value. If it exceeds 3 Mbps, each additional Mbps is paid for separately.

Enable service⁠​

  1. In the control panel, on the top menu, click Products and select DDoS Protection.
  2. Go to the DDoS Protection section.
  3. Click Order services.
  4. In the row for the required plan (Curator — Elementary WAF, Curator — Advisory WAF), click Pay.
  5. Verify the details and click Pay for service.
  6. We will create a ticket to enable the service, in which we will clarify a convenient day for you to connect.

Working in the Curator control panel

Login credentials for the Curator control panel will be sent to the email address you specified when ordering the Curator Protection service.

In the Curator control panel, you can:

Enable protection

When system learning is complete, Curator specialists will notify you in the control panel. After this, you can enable attack blocking mode; to do this, in the WAF section, select the Active protection checkbox.

If your application is under attack but system learning is not yet complete, contact Curator technical support to discuss enabling attack blocking mode on an individual basis.

Suppress a false positive

During the system learning phase, Curator specialists suppress false positives so that their number is minimal when protection is operational.

After system learning is complete, you can independently monitor false positives using the statistics tools.

If you notice a false positive, contact Curator technical support in the control panel and specify the transaction number of the false positive. The transaction number can be viewed in the transaction list in the WAF section. Curator specialists will analyze the anomaly and adjust the model's operation. Filtering rules will be automatically reconfigured, and the system will allow similar requests. You can also suppress false positives yourself.

View statistics⁠​

Statistics are available in the WAF section. Here you can view:

  • a dashboard with key traffic metrics;
  • security events grouped by type and threat level;
  • a list of transactions — requests, responses, and errors.

Disable service⁠​

To disable WAF Curator, create a ticket.

The service is disabled on the last day of the calendar month. If you need to disable the service earlier, no refunds are provided for the current month.

If, in the last month of service, bandwidth usage exceeded 3 Mbps, an invoice for the additional bandwidth will be generated in the control panel within five business days after the end of the calendar month.

Disabling WAF Curator does not affect the main Curator protection — it will continue to work.