Protection – Filters, GeoIP, WAF

This article deals with the Filter, GeoIP and WAF features of WEDOS Protection. For information on Captcha and Cookies, visit this link.

In this article, you will learn:

WEDOS Protection Features

To protect your web, WEDOS Protection proxy servers use the following features:

  • Filters: Using filters, the system blocks a wide range of threat types. You can also filter traffic directed to specific URLs on your domain. To learn more, check out Filters.
  • GeoIP: This feature expands filters, enabling you to allow or block incoming requests from IP addresses by country. To learn more, check out GeoIP.
  • WAF: The Web Application Firewall acts as an additional fine filter which analyzes and potentially blocks malicious activity. To learn more, check out WAF.

These features are in AI mode by default. This means that any event recognized as a threat automatically informs the entire system’s decisions on how to handle it. Users with the Expert subscription plan and above can enable Custom settings in addition to AI Mode.

Security feature AI Mode cannot be disabled.

Protection Feature Setup

To access the feature settings, follow these steps:

  1. Log into the WEDOS Global Admin panel ⧉.
  2. Select a domain or template to set up.
  3. In the left menu, select the feature to set up.
Filters, GeoIP and WAF options in a WEDOS Protection domain menu
Filters, GeoIP and WAF options in the WEDOS Protection domain menu

Filters

WEDOS Protection currently uses five types of filters:

  • IP Filter: Traffic coming from IP addresses or ranges listed here are blocked by the proxy and do not reach your web server. This filter is especially helpful if an attack is coming from a single IP address or small subnet.
  • ASN Filter: In addition to IP addresses, you can also block traffic from selected Autonomous System Numbers. An Autonomous System (AS) is a group of one or more IP prefixes run by one or more network operators that maintains a single, clearly defined routing policy. The network operators must have an ASN to control routing within their networks and to exchange routing information with other ISPs.
  • User Agent Filter: A user agent identifies the type of application, operating system or other entity requesting access to your web server. They typically identify themselves with the User-Agent header. Attackers may fake this header to announce themselves as a different client (agent spoofing).
  • URL Filter: This filter sets up protected URLs on your domain, blocking any incoming traffic to the filtered addresses. In this regard, it works differently from the filters above.
  • GeoIP filter: Since most IP addresses also carry the information on which country they are allocated to, you can quickly filter for an entire country. Because of its extensive setup, the GeoIP filter has its own section.

When accessed from a browser, blocked devices display an Access Denied error page. Otherwise, the blocked content returns a 456 error.

In the Start and Advanced subsription plans, all filters are AI Mode only. To add your own IPs, ASN, User Agents and protected URLs, upgrade to the Expert plan.

GeoIP

GeoIP is a type of filter which allows you to set up specific rules for specific countries, as chosen on a map. In addition to access (allow or block traffic), the GeoIP filter can also manage where to deploy Proof of Work as a protective measure.

In the Start and Advanced subsription plans, GeoIP is AI Mode only. To unlock the management interface (map), upgrade to the Expert plan.

To set up custom GeoIP rules, navigate to a Domain’s  GeoIP interface and follow these steps:

  1. Enable Custom GeoIP.
  2. Select a region (continent or country) using the dropdown or map.
  3. Select one of the following actions for that region and click Submit:
    • Allow access: No GeoIP-based block.
    • CAPTCHA verification (Proof of Work): Require visitors to complete a challenge (Proof of Work, such as CAPTCHA).
    • Block with Error Message (HTTP 456): Always block traffic, but display customizable error message.
    • Block silently: Block traffic, return only error code.
  4. Select default action for all other regions.
  5. Click the Save settings button and Confirm.
Sample GeoIP options - Allow Europe, block (with error page) every other continent
Sample GeoIP options – Allow Europe, block (with error page) every other continent

WAF

The Web Application Firewall handles traffic in addition to the filters. The firewall rules currently enable two levels of paranoia (the higher the level, the higher the risk of a potential false positive), with the lowest level (Level 1) being the default setting.

In the Start and Advanced subsription plans, the paranoia level cannot be changed. Expert plan users can upgrade to Level 2, which offers more protection, at a higher rate of false positives.

FAQ

How do I turn off AUTO AI on Protection features?

AUTO AI is always enabled. You can add your own rules in custom mode, but the AI cannot be disabled.

Was this helpful?

Thanks for your feedback!
Generic selectors
Exact matches only
Search in title
Search in content
Post Type Selectors
Article TOC
Browse Categories