Is a CDN or WAF Enough for Your Application Security?

What is a CDN?

A content delivery network (CDN) is a geographically distributed group of servers that work together to deliver Internet content quickly.

Features:

  1. Faster web page load times, because content is served from locations closer to the user
  2. Web cache deception protection
  3. Improved website security through DDoS protection and certain optimizations

What is a WAF?

A web application firewall (WAF) protects your Internet property from common vulnerabilities such as SQL injection, cross-site scripting, and cross-site request forgery, with no changes to your existing infrastructure.

How do a CDN and a web application firewall protect your application?

These products sit between the user and the web application's origin server. Any malicious payload or file sent to the application therefore passes through the CDN or WAF first, which blocks it. Moreover, even if someone obtains the origin server's IP address and tries to access the app through it, the response will state that “Direct Access is not allowed”.

For instance, take Cloudflare, one of the most widely used CDNs.

  1. Find a site that uses a CDN.
  2. Get its IP address with ping: `ping hostname`
  3. Try visiting that IP in the browser.

Result:

!! How HACKERS can still get to your SERVER !!

This is done by finding the real IP address of your origin server.

  1. Censys: used in the reconnaissance phase of a penetration test to gather different types of information about a target. It is also helpful in this case, where the goal is to find the origin server of an application that uses a CDN.
  2. SecurityTrails: another website that offers information about servers and websites. It can also be used to find the IP address of the application.
  3. Netcraft: apart from a web-based application like the two utilities above, Netcraft also provides a browser extension that you can install to keep an eye on the various information it holds about a target.

Using the above tools, someone can find your server's IP address and then send malicious requests to the server directly. This can be done in various ways, one of which is using Burp Suite, a well-known tool used by bug bounty hunters and penetration testers.

How can we prevent malicious users and hackers from bypassing the CDN to get to my site?

Whitelist the CDN's IP addresses on your server and reject every other source address. With this in place, only traffic that comes through the CDN can reach your server.
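As an added example (not from the original post), here is one way to enforce that allowlist inside a Python web application: a WSGI middleware that rejects any request whose TCP peer is not a CDN address, and a helper that only believes `X-Forwarded-For` when the request really came through the CDN. The ranges below are constructed placeholders (documentation prefixes); in production they would be replaced by the CDN's published list, which for Cloudflare is at https://www.cloudflare.com/ips/.

```python
import ipaddress

# Constructed placeholder CDN egress ranges (RFC 5737 / RFC 3849 documentation
# prefixes). In production, load the CDN's published list instead; Cloudflare
# publishes its ranges at https://www.cloudflare.com/ips/.
CDN_RANGES = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("2001:db8::/32"),
]


def is_from_cdn(remote_addr, ranges=CDN_RANGES):
    """True only if the TCP peer address lies inside a trusted CDN range."""
    try:
        addr = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # malformed or empty address: fail closed
    return any(addr in net for net in ranges)


def client_ip(remote_addr, headers, ranges=CDN_RANGES):
    """End-user address for logging or rate limiting. X-Forwarded-For is only
    believed when the peer is the CDN; a direct caller could forge the header."""
    if not is_from_cdn(remote_addr, ranges):
        return remote_addr
    first = headers.get("X-Forwarded-For", "").split(",")[0].strip()
    try:
        return str(ipaddress.ip_address(first))
    except ValueError:
        return remote_addr  # header missing or garbage: fall back to the peer


class CdnOnly:
    """WSGI middleware: reject requests that did not arrive through the CDN."""

    def __init__(self, app, ranges=CDN_RANGES):
        self.app, self.ranges = app, ranges

    def __call__(self, environ, start_response):
        if not is_from_cdn(environ.get("REMOTE_ADDR", ""), self.ranges):
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [b"Direct access is not allowed"]
        return self.app(environ, start_response)
```

Blocking at the host firewall or cloud security group is the more robust place for the same allowlist, since it stops the connection before the application sees it; the middleware is a second layer, and neither stops the logic flaws discussed below.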

Do hackers really need to bypass a WAF or CDN?

The answer is no. Whether or not the above fix is applied, Cloudflare and other CDN solutions only protect your application from certain classes of bugs, such as

XSS, SQL injection, DoS and DDoS attacks. They won't block a user who probes for access control flaws or IDOR (Insecure Direct Object Reference), because those requests look like ordinary, legitimate traffic.

Conclusion

The best way to secure an application is to fix the server misconfigurations and the vulnerabilities in the application's business logic itself.

And we can only fix them if we know the best practices for mitigating these attacks.

This is where regular Vulnerability Assessment and Penetration Testing (VAPT) comes into the picture.

“Prevention is better than cure.”

!! Get your application security and network security assessed before it's too late! !!