REMINDER
SOLVED Protection with WAF
-
Hello,
It's mentioned here:
https://appdrag.com/docs/AppDrag_White_Paper_v1.3.pdf"AppDrag leverages AWS’s security infrastructure (CloudFront,
LoadBalancer, WAF, DDOS protection, VPN, IAM, security groups,
replication on multiples regions, versioning and Cloudwatch alerts) "Does that mean that Cloud Backend comes bundled with WAF protection? As in, if someone spams my API endpoints, do I have protection against that? If not, is it possible for me to leverage WAF to protect my API against common attacks?
-
Hey @mody-ibrahim
We do have a waf but it won't be configurable/adjustable by you this is why I recommended you to configure Cloudflare (free) to get an additional protection layer that you can configure with rules -
@jbenguira Oh, thank you. I'm already using CloudFlare to serve my frontend and protect it from DDoS while using AppDrag's Cloud Backend for my API. Does that mean my API already has proper protection against abuse without being connected to CloudFlare's WAF? Any documentation on the subject?
-
@mody-ibrahim you can connect a domain to your project, and call the api through your custom domain (protected by cloudflare)
As already said above, yes we do have a layer of WAF protection on our side on AppDrag & Cloud Backend, but it's not configurable by end users. It's intended to protect our system but won't prevent someone from using all your api quota ... You could definitely prevent that with cloudflare and specific rules for your sensible api endpoints
-
Very useful answers. Thank you!
