Stanford
Stanford Sites User Guide

Web Application Firewall (WAF)

UIT has engaged with Acquia to implement the Acquia Cloud Edge Web Application Firewall (WAF) and Content Delivery Network (CDN). Anonymous users should experience faster load times for cached content, particularly from locations farther away from the AWS US-West region (e.g., India, Africa, and so forth). Sites benefit from increased performance and stability, as this service adds an additional layer of caching, distributed asset delivery, and protection from malicious actors.

Benefits

Performance Enhancement

The Acquia Cloud Edge WAF and CDN ensure optimal performance by delivering cached content with reduced latency. Anonymous users will experience quicker load times, especially for content accessed from geographically distant regions, such as India and Africa.

Security Enhancement

This implementation adds an extra layer of caching and asset delivery, leading to improved performance and stability. Furthermore, the Web Application Firewall (WAF) provides enhanced security by protecting your site against malicious actors, helping to safeguard your data and ensure a safe browsing experience for your users. Additionally, by blocking malicious, high-volume traffic at the edge, the WAF leads to improved stability for sites on shared infrastructure.

Implementation Status

UIT, in collaboration with Acquia, has already successfully implemented the Acquia Cloud Edge WAF and CDN on more than 300 production sites. UIT plans to extend this coverage to include all sites hosted on Acquia.

Accessibility Benefit

A notable advantage of adopting Acquia Cloud Edge is that websites hosted on this platform can be scanned directly by SiteImprove. This streamlines the process of identifying and addressing accessibility issues, contributing to a more inclusive online experience for all users.

Transition Process

Transitioning to Acquia Cloud Edge WAF and CDN has proven to be seamless in our experience. The transition process is designed to minimize disruption and maximize benefits. The implementation generally takes a short amount of time, and the there should be no impact on your website's availability and functionality.

Important note

Effect on publishing new content

The WAF caches content to create a better experience for your site. This means that there is a delay of up to 5 minutes before newly created content or content changes appear to site visitors.

The WAF does not have any effect on the display of content for users who are logged in as editors.

What triggering the WAF looks like

You may see two different triggered error pages, WAF blocking and Penalty Box. 

  1. WAF blocking error page gets triggered on a malicious request.
  1. The Penalty Box error page gets triggered when you (or someone at your IP address) have triggered the WAF multiple times. Penalty Box applies to your IP address across the entirety of all sites on the WAF for 10 minutes. You will be blocked out of all sites on the WAF for 10 minutes.

Related Topics

Included Modules

Click on the name of the module to learn more about what it does and how to use it.

Stanford Basic Theme

Stanford Sites comes with a theme called Stanford Basic for use by official Stanford units.

Stanford Sites Intranet

Stanford Sites Intranet is a fee-based service for building and managing a website for private, secure information sharing.