Thursday, July 15, 2021

Which CDN WAF/DDoS protection service for publishing web sites from on-prem?

We've been pretty much "on-prem" but now we're having few services that need to be published to users in the internets. Previously we've had a DMZ and tried to limit everything from DMZ to the internal network, but as the demand is growing I'm thinking we should get something more advanced.

Something that could block the basic exploits and DDoS's, as we run software that we've not developed ourselves and can't be sure how secure it is... For some software we would like to limit the URL in HTTP request that is allowed as we know what the allowed URLs are (not sure if this is reasonable to do?)

As we're pretty MS house Azure is of course one of the option (App Gateway + WAF?) but how about Cloudflare, Fastly or this Prophaze I just Googled?

We're not really looking for the "global distributed CDN features" rather than ways to protect our web servers (some of them are IIS...) and web softwares

One option is to use FortiADC/F5 BIG-IP/Citrix ADC which we use today, but those would be only for the WAF part and not the DDoS part as we have only couple gigabits worth of internet capacity.



No comments:

Post a Comment