{"id":11034,"date":"2019-09-11T14:32:27","date_gmt":"2019-09-11T14:32:27","guid":{"rendered":"https:\/\/www.webscale.com\/?post_type=blog&#038;p=11034"},"modified":"2023-12-29T08:15:47","modified_gmt":"2023-12-29T13:15:47","slug":"shield-online-storefront-cyberthreats-webscale-web-controls","status":"publish","type":"post","link":"https:\/\/www.webscale.com\/blog\/shield-online-storefront-cyberthreats-webscale-web-controls\/","title":{"rendered":"How to Shield Your Online Storefront from Cyberthreats with Webscale\u2019s Web Controls"},"content":{"rendered":"<p>Since the advent of digital commerce, hackers have kept both online merchants and the cybersecurity industry on their toes. Large security breaches occur almost every other week, and cyber-attacks on industry giants such as <a href=\"https:\/\/thenextweb.com\/security\/2019\/07\/10\/marriott-fined-123m-for-2018-data-breach-that-hit-339m-customers\/\" target=\"_blank\" rel=\"noopener noreferrer\">Marriott Hotels<\/a>, <a href=\"https:\/\/www.cbsnews.com\/news\/millions-facebook-user-records-exposed-amazon-cloud-server\/\" target=\"_blank\" rel=\"noopener noreferrer\">Facebook<\/a>, and <a href=\"https:\/\/www.usatoday.com\/story\/money\/2017\/05\/23\/target-pay-185m-2013-data-breach-affected-consumers\/102063932\/\" target=\"_blank\" rel=\"noopener noreferrer\">Target<\/a> continue to <a href=\"https:\/\/www.crn.com\/slide-shows\/security\/the-13-biggest-data-breaches-of-2019-so-far-\" target=\"_blank\" rel=\"noopener noreferrer\">remain in the news<\/a>. What\u2019s more, with cybercriminals becoming more sophisticated and using automation to execute attacks at scale, the need for advanced security to protect digital storefronts and users (their identities and credit card data), is higher than ever before.<\/p>\n<p>The most sophisticated hackers today are no longer coming through the \u201cfront door\u201d and launching massive DDoS attacks; instead, attacks are becoming more frequent at the \u201cback door\u201d, or the application layer where most of the customer information resides. (Learn more about <a href=\"https:\/\/www.webscale.com\/blog\/online-merchants-guide-securing-magento-storefronts\/\">how cyber-attacks on Magento storefronts are typically executed<\/a>.)<\/p>\n<p>Fortunately, online merchants can avoid a great deal of pain by regularly updating their security patches (for known vulnerabilities), using a web application firewall (WAF), and periodically reviewing whitelists.<\/p>\n<h3>How a WAF helps<\/h3>\n<p>A WAF provides a layer of protection between a web application and the Internet. It determines, based on pre-defined rules and the site administrator\u2019s directions, who or what enters the web application. WAFs protect web applications by monitoring and filtering web traffic (differentiating between legitimate users and illegitimate traffic), and mitigating a wide range of cyberthreats.<\/p>\n<p>Most WAFs have pre-defined rules (or policies) built in for protecting against commonly known threats, such as the <a href=\"https:\/\/securityboulevard.com\/2019\/01\/owasp-top-10-web-application-security-risks\/\" target=\"_blank\" rel=\"noopener noreferrer\">OWASP Top 10<\/a>. Rules may also involve adding IP addresses belonging to known bad actors (or malicious bots) to a block list.<\/p>\n<h3>Is this enough?<\/h3>\n<p>Picture this. The person responsible for your web application\u2019s security went on a well-deserved vacation two days ago. Your e-commerce platform provider published a vulnerability (they just found out about) in the interim and a patch to fix the same. A hacker uses this window of opportunity to gain admin access to your storefront and steals credit card data (remember, hackers are always staying on top of vulnerabilities, even when you aren\u2019t).<\/p>\n<p>How would you deal with this security breach? What do you do when the origin of the attack doesn\u2019t show up on published lists of bad actors? What happens when you\u2019re facing a <a href=\"https:\/\/www.techopedia.com\/definition\/29738\/zero-day-attack\" target=\"_blank\" rel=\"noopener noreferrer\">zero-day attack<\/a>? How do you deal with a cyberattack that\u2019s already in progress?<\/p>\n<p>The answer&#8230;you need to be able to customize your WAF, in real-time.<\/p>\n<p>It\u2019s easier said than done, however. To customize and configure new security rules in your WAF, you need the help of a security expert that can make the necessary code changes. These highly-skilled professionals can be both expensive and hard to find.<\/p>\n<p>That\u2019s where Webscale\u2019s Web Controls come to the rescue.<\/p>\n<h3>Web Controls: No Code, No Compromise, No Complexity<\/h3>\n<p>Webscale\u2019s Web Controls enable site administrators to use pre-defined, pre-tested security rulesets based on their e-commerce application, minimizing the need to discover, define, and maintain the rules themselves.<\/p>\n<p>With Web Controls, site administrators can also create the equivalent of firewall rules, without having a deep technical understanding of how to build them. They have been designed to allow a user, of any skill set (technical as well as non-technical), to quickly take actions to ensure enterprise-grade security, high availability, and fast performance of their web applications. A few examples of what you can accomplish with Web Controls, include:<\/p>\n<ul>\n<li>Blocking certain requests for a specified duration.<\/li>\n<li>Blocking all traffic from a specific country, if you don&#8217;t want to do business with potential customers from that country<\/li>\n<li>Rate-limiting resource-intensive user sessions to mitigate their impact on the overall application, and much more.<\/li>\n<\/ul>\n<p>Web Controls are very easy (and intuitive) to create. All you need to understand is, conditions and actions. While conditions are the triggers that activate a Web Control, actions are completed when conditions in a Web Control are met.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11644\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/create-condition.png\" alt=\"Create condtion\" \/><\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11651\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/create-action.png\" alt=\"Create Action\" \/><\/p>\n<p>Here\u2019s an example of the steps a site administrator would need to follow to create a Web Control for rate-limiting traffic:<\/p>\n<p><strong>Step 1:<\/strong> Login to the Webscale portal and select the appropriate domain by clicking on Zoom<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11650\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/web-control.png\" alt=\"\" \/><\/p>\n<p><strong>Step 2:<\/strong> Click on Actions -&gt; Edit.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11649\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/webscale-service.png\" alt=\"\" \/><\/p>\n<p><strong>Step 3:<\/strong> Select the Web Controls tab, then click on the &#8220;Add A Web Control&#8221; button.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11648\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/webscale-control.png\" alt=\"\" \/><\/p>\n<p><strong>Step 4:<\/strong> From the &#8220;Add a Web Control&#8221; window:<\/p>\n<ol>\n<li>Enter a name to describe your control. You may also add a description to further clarify the control purpose.<\/li>\n<li>Select a Condition for the control. In this case, select &#8220;Rate Limit&#8221; from the selection list.<\/li>\n<li>Add a limit to the number of requests in a time interval.<\/li>\n<li>Click on Save.<\/li>\n<li>Select an Action to take. In this case, select &#8220;Add Address to Set&#8221; from the selection list.<\/li>\n<li>Click on Save Action.<\/li>\n<li>Click on the Save Web Control button.<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11646\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/add-web-control.png\" alt=\"\" \/><\/p>\n<p><strong>Step 5:<\/strong> From the &#8220;Add a Web Control&#8221; window,<\/p>\n<ol>\n<li>Select Web Controls tab, then click on the \u201c Address in set\u201d button.<\/li>\n<li>Set Action as \u201cDeny Request.\u201d<\/li>\n<\/ol>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11647\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/address-set-in.png\" alt=\"\" \/><\/p>\n<p><strong>Step 6:<\/strong> Your new Web Control is now created but is disabled by default. To enable the Web Control, click on the \u201cEnable\u201d switch to the right of the Web Control details.<\/p>\n<p>Your Web Control is now enabled and all traffic exceeding the limit of the number of requests will receive a Forbidden error message.<\/p>\n<p style=\"text-align: center;\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-11645\" src=\"https:\/\/www.webscale.com\/wp-content\/uploads\/2019\/09\/enable-switch.png\" alt=\"\" \/><\/p>\n<p>\u2026 and you\u2019re done. No code, no compromise, no complexity!<br \/>\nAnother example outlining the steps to set up a Web Control that blocks specific countries from accessing a website can be found here: <a href=\"https:\/\/docs.webscale.com\/how-tos\/web-controls\/\" target=\"_blank\" rel=\"noopener\">https:\/\/www.webscale.com\/knowledgebase\/user-guide\/web-controls-how-to-block-countries-from-accessing-my-site<\/a><\/p>\n<p>Web Controls combined with Webscale\u2019s next-generation <a href=\"https:\/\/www.webscale.com\/product\/webscale-cloud-waf\/\">WAF<\/a>, intrusion detection, and <a href=\"https:\/\/www.webscale.com\/product\/webscale-cloud-bot-manager\/\">bot management<\/a> solutions, are one of the most powerful ways to defend your online storefront against all types of cyberattacks that threaten digital commerce.<\/p>\n<p>To learn more about Webscale\u2019s award-winning, SaaS-based security stack, <a href=\"https:\/\/www.webscale.com\/request-a-demo\/\">fill out this form<\/a> or drop us a line at <a href=\"mailto:sales@webscale.com\" target=\"_blank\" rel=\"noopener noreferrer\">sales@webscale.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Since the advent of digital commerce, hackers have kept both online merchants and the cybersecurity industry on their toes. Large security breaches occur almost every other week, and cyber-attacks on industry giants such as Marriott Hotels, Facebook, and Target continue to remain in the news. What\u2019s more, with cybercriminals becoming more sophisticated and using automation [&hellip;]<\/p>\n","protected":false},"author":5,"featured_media":256170,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","rank_math_lock_modified_date":false,"_aioseo_description":"","_aioseo_keywords":"","_aioseo_og_article_section":"","_aioseo_og_article_tags":"","_aioseo_og_description":"","_aioseo_og_title":"","_aioseo_title":"","_aioseo_twitter_description":"","_aioseo_twitter_title":"","_author_photo":"field_6513304084a08","_doc_url":"","_dp_original":"","_et_autogenerated_title":"","_et_body_layout_enabled":"","_et_body_layout_id":"","_et_builder_dynamic_assets_loading_attr_threshold":"2","_et_builder_module_features_cache":null,"_et_builder_version":"","_et_default":"","_et_enabled":"","_et_footer_layout_enabled":"","_et_footer_layout_id":"","_et_header_layout_enabled":"","_et_header_layout_id":"","_et_pb_ab_current_shortcode":"","_et_pb_ab_subjects":"","_et_pb_built_for_post_type":"","_et_pb_custom_css":"","_et_pb_enable_shortcode_tracking":"","_et_pb_excluded_global_options":"","_et_pb_first_image":"","_et_pb_gutter_width":"","_et_pb_module_type":"","_et_pb_page_layout":"et_right_sidebar","_et_pb_page_z_index":"","_et_pb_post_hide_nav":"default","_et_pb_row_layout":"","_et_pb_show_page_creation":"","_et_pb_show_title":"on","_et_pb_side_nav":"off","_et_pb_static_css_file":"","_et_pb_truncate_post":"","_et_pb_truncate_post_date":"","_et_post_bg_color":"#ffffff","_et_post_bg_layout":"light","_et_template":[],"_et_theme_builder_marked_as_unused":"","_et_use_on":"","_gallery_link_target":"","_global_colors_info":"","_lh_copy_from_url-original_file":"","_version_history":"","_wp_old_date":[],"_wpcode_auto_insert":"","_wpcode_auto_insert_number":"","_wpcode_conditional_logic":[],"_wpcode_conditional_logic_enabled":"","_wpcode_library_id":"","_wpcode_library_version":"","_wpcode_location_extra":"","_wpcode_note":"","_wpcode_priority":"","_wpcode_shortcode_attributes":[],"_wpmf_gallery_custom_image_link":"","ao_post_optimize":[],"author_photo":"255878","doc_url":"","et_enqueued_post_fonts":{"family":{"et-gf-lato":"Lato:100,100italic,300,300italic,regular,italic,700,700italic,900,900italic"},"subset":["latin","latin-ext"],"cache_key":"{\"gph\":0,\"divi\":\"4.24.1\",\"wp\":\"6.6.2\",\"enable_all_character_sets\":\"false\"}"},"rank_math_contentai_score":{"wordCount":"100","linkCount":"0","headingCount":"100","mediaCount":"62.22"},"rank_math_description":"The most sophisticated hackers today are no longer coming through the \u201cfront door\u201d and launching massive DDoS attacks; instead, attacks are becoming more frequent at the \u201cback door\u201d, or the application layer where most of the customer information resides. Read this blog to learn how to shield your online storefront from cyberthreats with Webscale\u2019s web controls.","rank_math_facebook_image":"","rank_math_facebook_image_id":"","rank_math_internal_links_processed":["1"],"rank_math_og_content_image":[],"rank_math_seo_score":"23","rank_math_title":"","version_history":"","wp-smpro-smush-data":[],"wp-smush-animated":"","wpmf_filetype":"","wpmf_order":"","wpmf_size":"","_":"","_bj_lazy_load_skip_post":[],"_divi_filters_post_type":"","_et_dynamic_cached_attributes":{"sticky_position":["top"],"use_custom_gutter":["on"],"fullwidth":["off"],"button_icon":["&#x24;||divi||400"],"social_network":["facebook","twitter","linkedin","youtube","last_fm"],"header_2_font":"|800|||||||","header_2_font_size":"34px","header_2_text_align":"center","animation_intensity_slide":"10%","animation_duration":"800ms","animation_delay":"15ms","animation_intensity_zoom":"15%","animation_intensity_flip":"15%","animation_intensity_fold":"15%","animation_intensity_roll":"15%","animation_direction":"center","animation_style":"none","background_color_gradient_start":"rgba(255,255,255,0)","background_color_gradient_end":"#fafafa","custom_padding":"120px||0px||false|false","background_color_gradient_stops":"rgba(255,255,255,0) 0%|#fafafa 100%","custom_padding_last_edited":"on|desktop","custom_padding_tablet":"||30px||false|false","custom_padding_phone":"60px||||false|false"},"_et_dynamic_cached_shortcodes":["et_pb_post_content","et_pb_contact_field","et_pb_signup_custom_field","et_pb_social_media_follow_network","et_pb_section","et_pb_row","et_pb_column","et_pb_blog","et_pb_blurb","et_pb_button","et_pb_code","et_pb_contact_form","et_pb_post_nav","et_pb_post_title","et_pb_signup","et_pb_social_media_follow","et_pb_text"],"_et_pb_ab_bounce_rate_limit":"","_et_pb_ab_stats_refresh_interval":[],"_et_pb_content_area_background_color":"","_et_pb_dark_text_color":"","_et_pb_light_text_color":"","_et_pb_section_background_color":"","_job_location":"","_job_locations":"","_links_to":"","_links_to_target":"","_product_image_gallery":"","_schema_code":"","_synced_version":"","_wp_attachment_context":"","_wp_attachment_image_alt":[],"_wpie_source_url":"","_yoast_wpseo_content_score":"30","_yoast_wpseo_focuskeywords":"[]","_yoast_wpseo_metadesc":"The most sophisticated hackers today are no longer coming through the \u201cfront door\u201d and launching massive DDoS attacks; instead, attacks are becoming more frequent at the \u201cback door\u201d, or the application layer where most of the customer information resides. Read this blog to learn how to shield your online storefront from cyberthreats with Webscale\u2019s web controls.","_yoast_wpseo_opengraph-image":"","_yst_prominent_words_version":"1","inline_featured_image":["0","0","0","0","0","0"],"job_location":[],"job_locations":"","options":"","original-file":"","post_views_count":"3","rank_math_analytic_object_id":"2027","rank_math_canonical_url":"","rank_math_focus_keyword":[],"rank_math_news_sitemap_robots":"index","rank_math_primary_category":"0","rank_math_primary_ccategory":"","rank_math_primary_job_locations":"","rank_math_primary_partners_category":"","rank_math_primary_pr_category":"","rank_math_primary_press_release_year":"","rank_math_rich_snippet":"","rank_math_robots":["index"],"rank_math_schema_Article":[],"rank_math_schema_Organization":[],"rank_math_schema_VideoObject":[],"rank_math_shortcode_schema_s-23675683-fff5-4300-88fe-da8afc8b1bb9":"","rank_math_shortcode_schema_s-307bbc91-c6b1-41aa-950d-c50d435a949c":"","rank_math_shortcode_schema_s-63a052dbc0384":"","rank_math_shortcode_schema_s-63a052dbc039d":"","rank_math_shortcode_schema_s-63a052dbc03a6":"","rank_math_shortcode_schema_s-63a052dbc03aa":"","rank_math_shortcode_schema_s-63a052dbc03b5":"","rank_math_shortcode_schema_s-63a052dbc03ba":"","rank_math_shortcode_schema_s-63a052dbc03bd":"","rank_math_shortcode_schema_s-63b6dd7d53a96":"","rank_math_shortcode_schema_s-63b6dd7d53a9f":"","rank_math_shortcode_schema_s-63b6dd7d53aa2":"","rank_math_shortcode_schema_s-63b6dd7d53aa4":"","rank_math_shortcode_schema_s-63b6dd7d53aa7":"","rank_math_shortcode_schema_s-63b6dd7d53aa9":"","rank_math_shortcode_schema_s-63b6dd7d53aab":"","rank_math_shortcode_schema_s-63b6dd7d53aad":"","rank_math_shortcode_schema_s-63b6dd7d53aaf":"","rank_math_shortcode_schema_s-63c15fcf43311":"","rank_math_shortcode_schema_s-63c15fcf43322":"","rank_math_shortcode_schema_s-63c15fcf43325":"","rank_math_shortcode_schema_s-63c15fcf43327":"","rank_math_shortcode_schema_s-63c15fcf43329":"","rank_math_shortcode_schema_s-63c15fcf4332a":"","rank_math_shortcode_schema_s-63c15fcf4332c":"","rank_math_shortcode_schema_s-63c15fcf4332e":"","rank_math_shortcode_schema_s-63c15fcf43330":"","rank_math_shortcode_schema_s-63f52c5ed40bb":"","rank_math_shortcode_schema_s-6409f40a9b7d5":"","rank_math_shortcode_schema_s-64354a3892419":"","rank_math_shortcode_schema_s-6440158136148":"","rank_math_shortcode_schema_s-6446d2f9353ee":"","rank_math_shortcode_schema_s-6446d2f9353f3":"","rank_math_shortcode_schema_s-6447c0fe4673c":"","rank_math_shortcode_schema_s-64e4d743542d7":"","schema_code":"","smush-complete":"","smush-info":"","smush-stats":[],"synced_version":"","wpmf_remote_video_link":"","_exp":"","_inc":"","_mc4wp_settings":[],"_post-subtitle":"field_5bb39e15297d0","_pwh_dcfh_contact_email":"","_pwh_dcfh_contact_form_id":"","_pwh_dcfh_form_fields":"","_pwh_dcfh_ip_address":"","_pwh_dcfh_page_id":"","_pwh_dcfh_read_by":"","_pwh_dcfh_referer_url":"","_pwh_dcfh_user_agent":[],"_section1_col1":"","_section1_col2":"","_section1_col3":"","_section1_col4":"","_section2_col1":"","_section2_col2":"","_section2_col3":"","_section2_col4":"","_section2_col5":"","_section2_col6":"","_section3_col1":"","_section3_col2":"","_section3_col3":"","_section3_col4":"","_section3_col5":"","_section3_col6":"","_section4_col1":"","_section4_col2":"","_section4_col3":"","_section4_col4":"","_section4_col5":"","_section4_col6":"","_section5_col1":"","_section5_col2":"","_section5_col3":"","_section5_col4":"","_section5_col5":"","_section5_col6":"","_section6_col1":"","_section6_col2":"","_section6_col3":"","_section6_col4":"","_section6_col5":"","_section6_col6":"","_select_author":"","_test":"","_wp_attachment_backup_sizes":[],"_yoast_wpseo_estimated-reading-time-minutes":[],"_yoast_wpseo_focuskw":[],"_yoast_wpseo_focuskw_text_input":[],"_yoast_wpseo_linkdex":[],"_yoast_wpseo_meta-robots-nofollow":[],"_yoast_wpseo_meta-robots-noindex":[],"_yoast_wpseo_primary_category":["",""],"_yoast_wpseo_title":[],"_yoast_wpseo_wordproof_timestamp":"","exp":"","inc":"","post-subtitle":["",""],"rank_math_schema_BlogPosting":[],"section1_col1":"","section1_col2":"","section1_col3":"","section1_col4":"","section2_col1":"","section2_col2":"","section2_col3":"","section2_col4":"","section2_col5":"","section2_col6":"","section3_col1":"","section3_col2":"","section3_col3":"","section3_col4":"","section3_col5":"","section3_col6":"","section4_col1":"","section4_col2":"","section4_col3":"","section4_col4":"","section4_col5":"","section4_col6":"","section5_col1":"","section5_col2":"","section5_col3":"","section5_col4":"","section5_col5":"","section5_col6":"","section6_col1":"","section6_col2":"","section6_col3":"","section6_col4":"","section6_col5":"","section6_col6":"","select_author":"","test":"","footnotes":""},"categories":[1,7],"tags":[],"class_list":["post-11034","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","category-security"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/posts\/11034"}],"collection":[{"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/comments?post=11034"}],"version-history":[{"count":0,"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/posts\/11034\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/media\/256170"}],"wp:attachment":[{"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/media?parent=11034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/categories?post=11034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.webscale.com\/wp-json\/wp\/v2\/tags?post=11034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}