
August 2023 UltraWAF Countermeasure of the Month 


In this recurring blog series, we discuss one of the countermeasures in UltraWAF, our Web Application Firewall and Bot Management solution.

If you’re not using UltraWAF and protection for your online presence, get in touch with us via the “Speak to Sales” button on our website. 

Deny URL – the featured countermeasure of the month.

Our featured countermeasure this month is Deny URL, found under the Advanced Signatures in the WAF tab. It is a versatile tool for blocking vulnerabilities, abuse, scrapers, scanners, and DDoS bots. The countermeasure itself is simple: it uses regular expression (regex) matching against the request’s URL. Typically, WAF administrators build a match pattern for part or all of the path (/path/to/application/), a specific page (index.php), or both combined (/path/to/application/index.php).

The countermeasure includes 26 pre-populated URL patterns that you can easily select, modify, and add to the policy. 

For instance, the “Unix File Attacks” entry has a pattern that identifies the file paths listed below in the URL:

/etc/passwd 
/etc/group 
/etc/hosts 

With Deny URL, you have the power to create custom patterns, an extremely useful capability. For instance, in response to a recent application-layer DDoS attack on one of our UltraWAF customers, we developed a pattern that identifies any section of the path containing 25 or more letters or numbers. This allows for effective protection and enhanced security. 

An organization can utilize Deny URL to restrict administrative access to the WordPress Content Management System, which is often targeted by attacks. 
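
The three cases above (Unix file paths, path sections with 25 or more letters or numbers, and WordPress administration) can be expressed as URL regexes and checked before deployment. The sketch below is an added example, not UltraWAF's own code or shipped patterns. The rule names, the regexes, the `admin_allowed` flag and the sample requests are constructed for illustration, and Python's `re` dialect is assumed.

```python
import re
from typing import Optional, Tuple
from urllib.parse import unquote

# Constructed rules modeled on the cases in the post. They are not UltraWAF's
# shipped patterns, and the product's regex dialect may differ from Python's.
DENY_RULES = [
    # Scope "url" = path plus query string; scope "path" = path only.
    ("unix-file-attacks", "url", re.compile(r"/etc/(?:passwd|group|hosts)(?![\w.-])")),
    # Assumed reading of "25 or more letters or numbers": one unbroken run.
    ("long-alnum-run", "path", re.compile(r"[A-Za-z0-9]{25,}")),
    # Standard WordPress administrative entry points.
    ("wordpress-admin", "path", re.compile(r"/wp-(?:admin(?:/|$)|login\.php$)", re.I)),
]


def normalize(target: str) -> Tuple[str, str]:
    """Percent-decode once and collapse repeated slashes; return (path, path?query)."""
    path, _, query = target.partition("?")
    path = re.sub(r"/{2,}", "/", unquote(path)) or "/"
    query = unquote(query)
    return path, (f"{path}?{query}" if query else path)


def match_deny_url(target: str, admin_allowed: bool = False) -> Optional[str]:
    """Return the name of the first deny rule that matches, or None to allow.

    target is the request target (path and optional query string).
    admin_allowed is a hypothetical flag standing in for whatever source
    restriction (for example an allow-listed network) exempts administrators.
    """
    path, full = normalize(target)
    for name, scope, pattern in DENY_RULES:
        if name == "wordpress-admin" and admin_allowed:
            continue
        if pattern.search(full if scope == "url" else path):
            return name
    return None


if __name__ == "__main__":
    # Constructed sample requests.
    for url in ("/index.php", "/download?file=%2Fetc%2Fpasswd", "/wp-admin/",
                "/q/" + "a1" * 13, "/static/app." + "0f" * 16 + ".js"):
        print(f"{match_deny_url(url) or 'allow':20} {url}")
```

The last sample request is a content-hashed asset name that the 25-character rule also matches, so a rule like this is best scoped to the affected paths or paired with exclusions before it is set to block.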

Learn more.

To learn more about our UltraWAF solution, please visit the product page.  

Last Updated: March 27, 2024
