MGT WAF – Web Application Firewall for Magento

• What is a Web Application Firewall (WAF)?

• What is MGT WAF?

• Benefits of MGT WAF

• Visibility in Real-Time

• Magento 2 Module

• Magento 1

• Included in our Multi-Server and Auto-Scaling Plans

What is a Web Application Firewall (WAF)?

A Web Application Firewall is an essential security product that protects web applications from attacks and filters malicious traffic before it reaches your server. It helps ensure that your regular Magento security scans are passed. A Web Application Firewall protects you against known threats such as SQL Injection (SQLi), Cross-Site-Scripting (XSS), DDoS Attacks, Cross-Site request forgery (CSRF), file inclusion, clickjacking, and many more.

What is MGT WAF?

MGT WAF is a managed Web Application Firewall on top of the AWS WAF that protects your Magento shop against common web exploits that may affect availability, compromise security, or consume excessive resources. For Magento 2, we have developed a module that our customers can block countries, IPs, and Bots independently. Furthermore, the rate limit for blocking IPs automatically can be adjusted.

Benefits of MGT WAF

• Denial-of-Service Attack Mitigation: Mitigation against DDoS attacks to prevent downtime
• SQL-Injection Protection: SQL-Injections on headers, query parameters, inputs and body data are filtered
• Cross-Site Scripting Protection: Prevents attacks against Cross-Site Scripting (XSS)
• Linux Attacks: Request patterns are blocked associated with the exploitation of vulnerabilities specific to Linux, including LFI attack
• Rate-Limit: Protection against HTTP Flood, which may affect the performance and availability of your shop
• Full Visibility: Real-time metrics are provided with information about IP addresses, geolocation, URIs, user agent, and referrers
• Country Blocking: Block traffic from unwanted countries
• Bot and IP Blocking: Bad bots, crawlers, and IPs can be blocked to deny access
• Auto-updates: Updates against new malicious attacks are automatically applied
• Magento Backend IP Restriction: Magento backend can be restricted by allowing a set of IPs to enter
• Fully Supported: MGT WAF is fully managed and supported by our team

Visibility in Real-Time

Real-time metrics and captures raw requests that include details about IP addresses,

Geo-locations, URIs, User-Agent, and Referers are displayed in real-time.

Magento 2 Module

We have developed a module for Magento 2. Our customers can block IPs, countries, bots and configure the rate limit to prevent HTTP flood attacks that may affect availability and performance.

Speaking of performance: Check out all there is to know about Magento 2 speed optimization.

Module Features

• IP Blocking: IPv4 and IPv6 IP addresses can be blocked
• Country and Bot Blocking: Traffic from unwanted countries and bots can be blocked
• Rate-Limit: IPs are automatically blocked after hitting the limit
• Rate Limit Whitelist: Whitelist IPs which should not be blocked, e.g., your office IPs
• Magento Backend IP Restriction: Whitelist IPs which should have access to your Magento backend

Module Screenshot

Magento 1

MGT WAF is available for Magento 2 and Magento 1. The official support for Magento 1 ends in June 2020.

At this point, no security patches are provided anymore by Magento. Running a Magento 1 shop without a security service before June 2020 is very dangerous and could be a very attractive target for a hacker.

Included in our Multi-Server and Auto-Scaling Plans

MGT WAF is included in all of our Multi-Server and Auto Scaling plans but can also be ordered as an add-on on top of our Single Server plans.

Find more Information here!