Web Application Firewall (WAF)
UIT has engaged with Acquia to implement the Acquia Cloud Edge Web Application Firewall (WAF) and Content Delivery Network (CDN). Anonymous users should experience faster load times for cached content, particularly from locations farther away from the AWS US-West region (e.g., India, Africa, and so forth). Sites benefit from increased performance and stability, as this service adds an additional layer of caching, distributed asset delivery, and protection from malicious actors.
Benefits
Performance Enhancement
The Acquia Cloud Edge WAF and CDN ensure optimal performance by delivering cached content with reduced latency. Anonymous users will experience quicker load times, especially for content accessed from geographically distant regions, such as India and Africa.
Security Enhancement
This implementation adds an extra layer of caching and asset delivery, leading to improved performance and stability. Furthermore, the Web Application Firewall (WAF) provides enhanced security by protecting your site against malicious actors, helping to safeguard your data and ensure a safe browsing experience for your users. Additionally, by blocking malicious, high-volume traffic at the edge, the WAF leads to improved stability for sites on shared infrastructure.
Implementation Status
UIT, in collaboration with Acquia, has already successfully implemented the Acquia Cloud Edge WAF and CDN on more than 300 production sites. UIT plans to extend this coverage to include all sites hosted on Acquia.
Accessibility Benefit
A notable advantage of adopting Acquia Cloud Edge is that websites hosted on this platform can be scanned directly by SiteImprove. This streamlines the process of identifying and addressing accessibility issues, contributing to a more inclusive online experience for all users.
Transition Process
Transitioning to Acquia Cloud Edge WAF and CDN has proven to be seamless in our experience. The transition process is designed to minimize disruption and maximize benefits. The implementation generally takes a short amount of time, and the there should be no impact on your website's availability and functionality.
Effect on publishing new content
The WAF caches content to create a better experience for your site. This means that there is a delay of up to 5 minutes before newly created content or content changes appear to site visitors.
The WAF does not have any effect on the display of content for users who are logged in as editors.
What triggering the WAF looks like
You may see two different triggered error pages, WAF blocking and Penalty Box.
- WAF blocking error page gets triggered on a malicious request.
- The Penalty Box error page gets triggered when you (or someone at your IP address) have triggered the WAF multiple times. Penalty Box applies to your IP address across the entirety of all sites on the WAF for 10 minutes. You will be blocked out of all sites on the WAF for 10 minutes.
Troubleshooting
When I try to edit a page, I am not able to save my changes. Instead, I receive an error and then I trigger the WAF error page.
If you think you’re getting blocked while editing a page, please let us know and Submit a help request.