The Challenge of Custom Applications
Custom PHP or legacy applications often lack the built-in security hardening of major CMS platforms. The WAF provides a vital security blanket for these applications.
Custom WAF Rule Tuning
For custom applications, you may need bespoke WAF rules:
- Endpoint Whitelisting: If your application uses unique URLs or unusual parameters, contact support. We can create specific exceptions to prevent false positives without weakening overall protection.
- Session Security: Ensure your application handles sessions securely (e.g., using secure cookies and regenerating session IDs). The WAF can help identify attempts at session hijacking.
Maximizing Security Logging
For easier debugging and security analysis:
- Enable Detailed Logging: Ensure your application logs all failed login attempts and API errors.
- Correlate Logs: Use your application logs in conjunction with the CyberWAF logs (in cPanel) to determine if a block was WAF-initiated or an application error.
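
The session handling and failed-login logging described above could look like this in a custom PHP application. This is an added example, not CyberWAF or application code from this page. `check_credentials()`, `handle_login()`, the demo user and the log line layout are hypothetical, and it assumes HTTPS and PHP 7.4 or later.

```php
<?php
declare(strict_types=1);

// Assumption: the site is served over HTTPS, so the Secure flag can be set.
ini_set('session.use_strict_mode', '1');   // reject session IDs the server did not issue
ini_set('session.use_only_cookies', '1');  // never accept a session ID from the URL

session_set_cookie_params([
    'lifetime' => 0,      // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,   // sent over HTTPS only
    'httponly' => true,   // not readable from JavaScript
    'samesite' => 'Lax',  // not attached to cross-site POSTs
]);
session_start();

// Hypothetical credential check: replace with a lookup in your own user store.
// The user name and password below are constructed for this example.
function check_credentials(string $user, string $password): bool
{
    static $users = null;
    $users ??= ['demo' => password_hash('constructed-example-password', PASSWORD_DEFAULT)];
    return isset($users[$user]) && password_verify($password, $users[$user]);
}

function handle_login(string $user, string $password): bool
{
    if (!check_credentials($user, $password)) {
        // One line per failure. The UTC time, client IP and URI are the fields
        // assumed here for matching against WAF log entries. json_encode keeps
        // line breaks in the submitted name from forging extra log lines.
        error_log(sprintf(
            '[auth] failed_login time=%s ip=%s uri=%s user=%s',
            gmdate('c'),
            $_SERVER['REMOTE_ADDR'] ?? 'unknown',
            $_SERVER['REQUEST_URI'] ?? '-',
            json_encode($user, JSON_INVALID_UTF8_SUBSTITUTE)
        ));
        return false;
    }
    session_regenerate_id(true);  // new ID after login; the old session is deleted
    $_SESSION['user'] = $user;
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $ok = handle_login((string)($_POST['user'] ?? ''), (string)($_POST['password'] ?? ''));
    http_response_code($ok ? 200 : 401);
}
```

Where `error_log()` writes depends on the `error_log` setting in your PHP configuration, so confirm that location before relying on it for correlation.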