Anyone use Cloudflare WAF?
I've been indirectly involved in speccing a service out for an annual results webcast to protect against DDoS. It worked: we got metrics on the number of threat actors who tried to impact it, and it stayed up. The service was surprisingly cheap for what it was and was being VARed through our ISP.
Sorry for not responding.
We're currently building a mobile trading app that bolts onto our existing (in-house) Trading system with the normal stuff like Global Equities, FX, Funds, Bond Trading, FIX connections to counterparties and routing to Bloomberg EMSX. We're also soon to be launching an on-boarding app that lets clients sign up and then eventually securely upload their KYC documentation.
We're looking to protect these apps and our API from the normal threats and use the CDN capabilities to maximize uptime.
So normal stuff like:
DDoS
OWASP vulns
Botnets etc.
I understand Cloudflare are reasonably priced vs other competitors; I was just interested in people's experiences with the service.
I think Akamai might be out of our price range unfortunately.
We could utilise our FortiGate infrastructure and purchase FortiWeb, but that means purchasing at least 2 appliances for the Primary and DR sites.
Edited by juice on Saturday 16th July 09:48
Cloudflare will help you with your requirements certainly. It also hosts our DNS which makes life a lot easier too.
Make sure that you lock down the apps to be accessible only from Cloudflare data centers, otherwise you'll negate the benefits.
Caching works really well too. I think it served/cached about 2 TB of data last month whilst Azure only transferred out 300 GB.
Edited by CharlieCrocodile on Saturday 16th July 18:34
I used Cloudflare for an API. For us it was purely down to cost: they were pricing us on bandwidth, and since the majority of our traffic was API, our bandwidth relative to our number of requests was extremely low. We were using Google Cloud, and our bandwidth discount with them for using Cloudflare was more than our Cloudflare subscription. Now I'm working with AWS, and Cloudflare are not pricing anywhere near as competitively for me.
This was a web API and the WAF rules were reasonable for our purposes, although not brilliant. Rate limiting was excluded and would have massively increased our costs.
I'm not convinced it would be particularly great for a mobile app API, although it has been 3 years since I last used it and I know they have expanded its capabilities.
Most of the cloud providers have API gateways that would not necessarily need a WAF and would probably be more appropriate, unless you have a hard requirement to have a WAF.
As above, the business tier is amazing value, and make sure you lock down your firewall to only allow Cloudflare IP addresses to hit your sites.
It won't work miracles if you've written a bad application that can be exploited, but it will do a lot to soak up "bad" traffic and deal with attempts to exploit common vulnerabilities and bots etc.
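Two replies above advise allowing only Cloudflare IP addresses to reach the origin. The following is an added example, not part of the thread, showing one way to audit origin access logs for requests that arrived directly instead of through Cloudflare. The range list is an assumed partial snapshot, and the log lines and function names are constructed for illustration.

```python
"""Audit origin access-log lines for traffic that did not come via Cloudflare."""
import ipaddress

# Assumption: partial snapshot of Cloudflare's published edge ranges.
# In production, load the full current list from https://www.cloudflare.com/ips/
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "162.158.0.0/15", "172.64.0.0/13", "2606:4700::/32",
)]

# Constructed sample. The first field must be the TCP peer address seen by the
# origin, not a header-derived client IP, because headers are client-controlled.
SAMPLE_LOG = """\
104.16.12.7 - - [01/Jan/2024:09:48:01 +0000] "GET /api/v1/quotes HTTP/1.1" 200 512
203.0.113.50 - - [01/Jan/2024:09:48:02 +0000] "POST /api/v1/login HTTP/1.1" 401 87
2606:4700:10::6816:c07 - - [01/Jan/2024:09:48:03 +0000] "GET /healthz HTTP/1.1" 200 2
198.51.100.23 - - [01/Jan/2024:09:48:04 +0000] "GET /api/v1/orders HTTP/1.1" 200 944
not-an-ip - - [01/Jan/2024:09:48:05 +0000] "GET / HTTP/1.1" 400 0
"""

def from_cloudflare(addr):
    """True if addr parses as an IP and falls inside a listed Cloudflare range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip.version == net.version and ip in net for net in CLOUDFLARE_RANGES)

def audit(log_text):
    """Return (bypass, unparsed): peers that hit the origin directly, and lines
    whose first field is not an IP address (kept for manual review)."""
    bypass, unparsed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        peer = line.split(" ", 1)[0]
        try:
            ipaddress.ip_address(peer)
        except ValueError:
            unparsed.append(line)
            continue
        if not from_cloudflare(peer):
            bypass.append(peer)
    return bypass, unparsed

if __name__ == "__main__":
    direct, bad = audit(SAMPLE_LOG)
    print("direct-to-origin peers:", direct)
    print("unparsed lines:", len(bad))
```

Any peer this reports means the origin firewall is still accepting connections from outside Cloudflare, so the WAF and DDoS protection can be sidestepped by anyone who learns the origin address.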