This article deals with the Filter, GeoIP and WAF features of WEDOS Protection. For information on Captcha and Cookies, visit this link.
In this article, you will learn:
WEDOS Protection Features
To protect your web, WEDOS Protection proxy servers use the following features:
- Filters: Using filters, the system blocks a wide range of threat types. You can also filter traffic directed to specific URLs on your domain. To learn more, check out Filters.
- GeoIP: This feature expands filters, enabling you to allow or block incoming requests from IP addresses by country. To learn more, check out GeoIP.
- WAF: The Web Application Firewall acts as an additional fine filter which analyzes and potentially blocks malicious activity. To learn more, check out WAF.
These features are in AI mode by default. This means that any event recognized as a threat automatically informs the entire system’s decisions on how to handle it. Users with the Expert subscription plan and above can enable Custom settings in addition to AI Mode.
Security feature AI Mode cannot be disabled.
Protection Feature Setup
To access the feature settings, follow these steps:
- Log into the WEDOS Global Admin panel ⧉.
- Select a domain or template to set up.
- In the left menu, select the feature to set up.
Filters
WEDOS Protection currently uses five types of filters:
- IP Filter: Traffic coming from IP addresses or ranges listed here are blocked by the proxy and do not reach your web server. This filter is especially helpful if an attack is coming from a single IP address or small subnet.
- ASN Filter: In addition to IP addresses, you can also block traffic from selected Autonomous System Numbers. An Autonomous System (AS) is a group of one or more IP prefixes run by one or more network operators that maintains a single, clearly defined routing policy. The network operators must have an ASN to control routing within their networks and to exchange routing information with other ISPs.
- User Agent Filter: A user agent identifies the type of application, operating system or other entity requesting access to your web server. They typically identify themselves with the
User-Agentheader. Attackers may fake this header to announce themselves as a different client (agent spoofing). - URL Filter: This filter sets up protected URLs on your domain, blocking any incoming traffic to the filtered addresses. In this regard, it works differently from the filters above.
- GeoIP filter: Since most IP addresses also carry the information on which country they are allocated to, you can quickly filter for an entire country. Because of its extensive setup, the GeoIP filter has its own section.
When accessed from a browser, blocked devices display an Access Denied error page. Otherwise, the blocked content returns a 456 error.
In the Start and Advanced subsription plans, all filters are AI Mode only. To add your own IPs, ASN, User Agents and protected URLs, upgrade to the Expert plan.
GeoIP
GeoIP is a type of filter which allows you to set up specific rules for specific countries, as chosen on a map. In addition to access (allow or block traffic), the GeoIP filter can also manage where to deploy Captcha or Cookies as a protective measure.
In the Start and Advanced subsription plans, GeoIP is AI Mode only. To unlock the management interface (map), upgrade to the Expert plan.
WAF
The Web Application Firewall handles traffic in addition to the filters. The firewall rules currently enable two levels of paranoia (the higher the level, the higher the risk of a potential false positive), with the lowest level (Level 1) being the default setting.
In the Start and Advanced subsription plans, the paranoia level cannot be changed. Expert plan users can upgrade to Level 2, which offers more protection, at a higher rate of false positives.
FAQ
How do I turn off AUTO AI on Protection features?
AUTO AI is always enabled. You can add your own rules in custom mode, but the AI cannot be disabled.