WAF

A Web Application Firewall (WAF) is a security solution that helps protect web applications by monitoring and filtering HTTP requests. WAFs are designed to protect web applications from various types of attacks, including SQL injection (SQLi), cross-site scripting (XSS), and file inclusion attacks.

Peakhour offers a WAF module with the following features:

  • Rule Set Selection: You can enable Atomicorp virtual patching on top of the OWASP rulesets.
  • Rule Set Tuning: You can customize the rule sets to meet your website's specific requirements.
  • WAF Mode: You can enable, disable, or set the WAF to warn only.

Peakhour integrates the Atomicorp commercial ModSecurity rules for virtual patching. Atomicorp is an alternative ruleset to OWASP and requires less configuration.

Peakhour also integrates the OWASP ModSecurity Core Rule Set, a set of rules aimed at protecting web applications from a wide range of attacks, including the OWASP Top Ten, a list of the most critical web application security risks. This ruleset is recommended for all websites.

Peakhour recommends placing the WAF in warning mode first for testing. This allows you to disable rules that are generating false positives for your website before switching the WAF to enable mode.
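
One way to triage warning-mode hits before switching to enable mode, as an added example that is not Peakhour's code: it groups events by rule ID and flags rules that fire for many distinct clients on very few URIs (the usual shape of a false positive), while leaving single-client, many-URI patterns in place. The JSON event format, field names, thresholds and sample events are constructed assumptions, not Peakhour's log schema.

```python
import json
from collections import defaultdict

# Constructed warn-mode events, one JSON object per line. The field names
# (rule_id, uri, client_ip) are assumptions, not Peakhour's log schema.
SAMPLE_EVENTS = """\
{"rule_id": "941100", "uri": "/admin/post/save", "client_ip": "198.51.100.11"}
{"rule_id": "941100", "uri": "/admin/post/save", "client_ip": "198.51.100.12"}
{"rule_id": "941100", "uri": "/admin/post/save", "client_ip": "198.51.100.13"}
{"rule_id": "941100", "uri": "/admin/post/save", "client_ip": "198.51.100.14"}
{"rule_id": "942100", "uri": "/login", "client_ip": "203.0.113.9"}
{"rule_id": "942100", "uri": "/search", "client_ip": "203.0.113.9"}
{"rule_id": "942100", "uri": "/product", "client_ip": "203.0.113.9"}
{"rule_id": "942100", "uri": "/cart", "client_ip": "203.0.113.9"}
{"rule_id": "920350", "uri": "/", "client_ip": "192.0.2.50"}
this line is truncated {"rule_id":
"""

def summarise(lines):
    """Group warn-mode hits by rule ID, skipping malformed lines."""
    stats = defaultdict(lambda: {"hits": 0, "clients": set(), "uris": set()})
    for line in lines:
        try:
            event = json.loads(line)
            rule = str(event["rule_id"])
        except (ValueError, KeyError, TypeError):
            continue  # blank, truncated or non-object line
        entry = stats[rule]
        entry["hits"] += 1
        entry["clients"].add(event.get("client_ip", ""))
        entry["uris"].add(event.get("uri", ""))
    return stats

def review_candidates(stats, min_clients=3, max_uris=2):
    """Rules to review as false positives: many distinct clients, few URIs.

    One client hitting many URIs looks like probing, so that rule is kept.
    """
    found = [
        (rule, s["hits"], sorted(s["uris"]))
        for rule, s in stats.items()
        if len(s["clients"]) >= min_clients and len(s["uris"]) <= max_uris
    ]
    return sorted(found, key=lambda item: -item[1])

if __name__ == "__main__":
    for rule, hits, uris in review_candidates(summarise(SAMPLE_EVENTS.splitlines())):
        print(f"review rule {rule}: {hits} hits on {uris}")
```

A flagged rule is a candidate for review, not an automatic disable: confirm the matched requests are legitimate traffic before tuning the rule out.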

By using Peakhour's WAF module, you can help protect your web application from common attacks and customize the rule set to meet your specific requirements.