constellix background

Build Your Own Custom WAF With Geo IP Filters

February 7, 2022
DNS Provider Resource
Compare DNS Providers - Alternative Comparison Free Demo


Resources:

Subnet Mask Cheat SheetRecords Cheat SheetGeoDNS ExplainedFree Network TroubleshooterKnowledge BasePricing CalculatorLive CDN PerformanceVideo DemosOutage Prevention - CDN Outage - DDos Attack Prevention - DNS Outage


Categories:

BlogsNewsPress ReleasesIT NewsTutorials
Book a Free Demo →

Want DNS Freebies?

Give us your email and we'll send you the good stuff.

Thanks for joining our newsletter.
Oops! Something went wrong.
Enterprise DNS



Categories:

Heather Oliver is a Technical Writer for Constellix and DNS Made Easy, subsidiaries of Tiggee LLC. She’s fascinated by technology and loves adding a little spark to complex topics. Want to connect? Find her on LinkedIn.

https://www.linkedin.com/in/heather-oliver

Connect with
LinkedIn

With the growing demand for online resources, protecting your domain and web applications is paramount for any organization. The fact is, the very thing that makes the internet such a useful tool for businesses and consumers is the same thing that makes it so vulnerable to attacks. It’s easily accessible and the technology allows for creative workarounds for solving modern challenges.

Online is “king” these days. You work hard to maintain your brand image. You strive to stay on the cutting edge of technology and provide value to your customers. 

But guess what?

Cybercriminals work just as hard at trying to find ways to exploit or harm your business and/or your customers. Luckily, there are powerful, cost-effective ways of countering many of today’s cyber attacks.

The Problem: Vulnerability in DNS and Cloud Computing

The truth is, neither the domain name system (DNS) nor the HTTP protocol was designed for modern-day applications. Because of this, there are some facets of cloud computing and DNS that are inherently vulnerable to certain types of attacks.

WAF Protection

As mentioned above, bad actors are always hard at work trying to take down your web applications. Unfortunately, this can easily be accomplished if a system is vulnerable or doesn’t have the right protective measures in place. The types of attacks that a WAF is designed to protect from are:

  • DDoS attacks
  • Floods
  • SQL Injection attacks
  • Cross-Site Scripting (XSS) attacks
  • Zero-day attacks
  • Man-in-the-middle attacks
  • Malware
  • Defacements

Geo IP Filter Protection

Geo IP filters are best suited for stopping or preventing volumetric and amplification attacks.

  • DDoS attacks
  • Flood attacks
  • Zero-day attacks
  • Carding attacks

What is WAF?

A web application firewall (WAF) is an adaptive protection solution that’s placed on the application layer of a network. This technology acts as a gatekeeper by controlling what devices access your web application servers. A WAF can be used on a dedicated physical server, be cloud-based, or host-based, but each type of WAF utilizes rules and policies for traffic analysis to determine whether a request is legitimate or not.  

WAFs work based on requests or by source IPs. When configured to respond based on requests, a WAF can approve or deny an action based on the information in the request. Alternatively, requests can be approved or denied based on where the request comes from (source IPs). You can also choose a default behavior, which will dictate how requests that don’t match a specified rule should be handled. If a request is denied by a WAF, the requesting source will be returned a 403 error code (Forbbiden), which lets the source know its access was denied.

What is WAF?

Host-based Web Application Firewall (HWAF)

This type of WAF is better suited for smaller web applications. HWAFs are software WAFs designed to integrate with web servers. This is a cheaper alternative to running a WAF on a physical server, but it can also result in degraded performance as it’s resource-intensive.

Cloud-based Web Application Firewalls

A cloud-based WAF is highly scalable, making it more suitable for large web applications. Unlike with an HWAF, performance is typically not an issue when properly configured alongside other cloud solutions. While this option scales easily, costs grow as you scale and can become prohibitive compared to a physical solution.

What a WAF Isn’t

It’s important to make the distinction between a WAF and a network firewall. A network firewall controls access between internal network resources and external traffic from the internet. A WAF, on the other hand, is used specifically for monitoring traffic coming in and out of a web application.  

What is a Geo IP Filter?

A Geo IP Filter is a specialized, highly scalable Constellix solution that was developed to protect your domain and web applications on the DNS level. IP filters share similar functionality and offer comparable protection as a WAF for certain types of attacks. With IP filters, you can configure rules that dictate how your web traffic is handled. This is achieved by filtering queries by city, state, country, or region, as well as by ASN or IP address depending on your organization’s unique use case. When utilizing Geo IP filters, you can choose to direct all traffic from a specified area to a designated resource or instruct the query to be dropped altogether if it meets the criteria. A default IP Filter is also required in Constellix as a safeguard for queries that don’t match any of the rules configured for your domain. 

What’s the Difference Between WAF and Geo IP Filters?

While they share some similar functionality, it’s important to note that our Geo IP Filter solution is not a WAF. However, Geo IP Filters can effectively prevent or stop unwanted and/or suspicious traffic from reaching your domain or web application based on predetermined rules or via real-time monitoring. While a WAF is rule-based as well, most WAF services are monitored based on threat feeds or databases and respond automatically. WAFs are also designed to prevent additional threats outside the scope of Geo IP filters.

IP filters work based on preconfigured rules set by your organization and are a manual solution for mitigating attacks. Our Geo IP Filters work best when paired alongside our Real-time Traffic Anomaly Detection service, which instantly alerts you upon detection of any unusual or suspicious activity.

A unique feature of Geo IP Filtering is that it can also be used to optimize your web traffic by setting business rules in front of your DNS. This ensures traffic is routed to specific resources based on a user’s location. Our Geo IP Filters can also be used with other services such as Failover and Round Robin load balancing, or alongside a third-party WAF.

WAF or Geo IP Filters: Which is Best for Your Business?

The answer to this question is highly subjective and truly boils down to the needs of your organization. Both WAFs and Geo IP Filters are excellent solutions that can protect your web applications from DDoS and similar attacks. Geo IP Filters can also be used to help optimize web traffic but must be manually configured to stop new threats. A WAF provides protection for a greater number of threats and is a fully automated solution. For organizations who prefer more control over their traffic and would like to optimize and block malicious traffic while being able to take advantage of other highly redundant and streamlined solutions, our Geo IP Filters would be a perfect fit. If your application is vulnerable to a large number of different threats, using a WAF is the way to go. Of course, you can always opt for the best of both worlds approach and use both!

Related Resources:

What is a DNS Firewall

8 Types of Cyberattacks a WAF is Designed to Stop

What is a Web Application Firewall (WAF)?

Priority DNS Security - image

Need better DNS?
We can help.

• 100% Uptime guarantee
• Configure with ease
• Prevent DDoS attacks
• Monitor your domains
• Optimize site traffic
• Enhance domain performance
• Free POC Account + Demo

BOOK FREE DEMO

Constellix DNS News

WAF, web application firewall, geo IP filter, DNS, cloud, cloud computing, what is waf?

Sign up for industry news and insights. It'll be worth it.

Sign up for news and offers from Constellix and DNS Made Easy

Thanks for joining our newsletter.
Oops! Something went wrong.