Behind a sturdy wall: Protecting web applications with CDN and WAF

The number of attacks on websites and web applications is growing. Almost every day there is alarming news: cybercriminals are conducting massive attacks on websites on WordPress (they made 13.7 million attacks on 1.6 million resources in a day and a half). At the same time, in the popular web framework Django they detect (and fix) a vulnerability that allowed SQL injection attacks on millions of websites. Nobody is surprised by the news about this or that popular service becoming a victim of a DDoS attack anymore.

In 2025, damage from attacks is expected to reach $10.5 billion. Anyone, including regular users, can become a victim of cybercriminals. If you don’t want to be included in the worrying statistics, check out our free solution—Basic WAF. It’s suitable for all categories of users, it’s easy to activate it, and it doesn’t require a bank card. Read more to learn about the types of attacks and our protection measures against them.

Types of attacks and how to defend against them

Attacks are usually classified by the type of objects which are targeted by the attackers. Such objects correlate with different layers of the OSI model. Most often, attacks are performed at the network (L3) and transport (L4) layers, as well as at the application layer (L7). Let’s get into some details.

Network (L3) and transport (L4) layer attacks

As the name suggests, at L3, attacks are aimed at the network infrastructure; their goal is to disrupt its correct operation. Such attacks lead to channel overloads and problems with network equipment.

L4 includes attacks that exploit vulnerabilities in the TCP stack: for example, SYN flood and TCP connection flood. The idea of such attacks is to send many connection requests to the server so that the request queue is filled and the server becomes unavailable.

No one is safe from such attacks—neither medium nor large businesses, government organizations, or small web projects. Hackers often launch massive attacks and do not have specific targets.

How to protect yourself: To protect yourself from attacks at L3 and L4, you just need to activate a CDN. Here’s how it works. To disrupt your service, an attacker needs to attack the server it’s running on. And if all traffic goes through a CDN with a large number of points of presence (PoPs), it would be almost impossible to do this: for this, the attackers would have to paralyze the work of all servers at once. Our CDN consists of 140 PoPs and can redirect traffic to alternate routes, so that even the most experienced attackers are unable to get through.

Application layer attacks (L7)

Attacks at this layer disrupt the regular operation of web applications and websites, as well as allow unauthorized access to them. This group includes brute force, SQL injections, malicious code injections, and much more.

To protect from such attacks, a simple CDN is no longer enough; you also need a firewall. In some cases, these solutions are combined in a single product.

How to protect yourself: By using a specialized tool—WAF (Web Application Firewall). All you need to do is choose a suitable solution and integrate it with your service. To make the process easier, we have already integrated Basic WAF with our CDN. This means that users only need to connect to the content delivery network and enable one-button protection.

What is WAF, and how does it work?

WAF stands for Web Application Firewall. This is software for protecting web applications from attacks and malicious activity: brute force, SQL injections, XSS attacks, spam activity in comments, attempts to download suspicious files, and much more (WAF functionality may vary). Various technologies help detect malicious actions—from hardware-based solutions to cloud-based solutions that actively use artificial intelligence and machine learning.

Attackers attempt to hack the client’s application using existing vulnerabilities WAF scans request signatures and blocks access if malware is detected The client’s application remains protected and safe for its users Web Application Firewall Client’s web server

WAF is the gateway for all requests sent to the web server. If requests don’t meet the specified criteria, it doesn’t allow them to pass and reduces the likelihood of malicious activity. As a rule, after getting such requests, the user receives notifications to check and strengthen security measures if necessary.

However, most WAFs are complex and expensive tools. We decided to change this and offer our users a free and easy-to-use solution to protect against L7 attacks.

How we added protection against attacks at the L7 layer in CDN

To do this, we used the most common open-source solution—ModSecurity. This project started as a module for the Apache web server, but eventually expanded to support Nginx and HAProxy. In the third version, the libmodsecurity library was added to the ModSecurity functionality. It can be used to implement the WAF functionality into any applications and services: load balancers, hosting control panels, etc.

In our solution, Basic WAF, we also use ModSecurity. We have modified it to integrate with the CDN and use the OWASP Core RuleSet (OWASP CRS). This allows us to protect websites and web applications from the most common attacks:

• Cross-Site Request Forgery (CSRF)
• Cross-Site Scripting (XSS)
• Local File Inclusion (LFI)
• Remote File Inclusion (RFI)
• SQL Injection (SQLi)
• Miscellaneous types of attacks from the OWASP Top 10 list

Thus, with our CDN, you can protect your website or application from attacks at any layer and the suspicious actions of users, as well as detect and block bots.

How to connect CDN and WAF to your application

It’s easy:

1. Sign up.
2. Connect the CDN to the website (use this step-by step manual).
3. In the CDN settings, enable Basic WAF with one click.

Here’s how, in just a few minutes, you can configure the protection of a website or web application from the most common types of attacks. You no longer need to purchase additional hardware or software or even read the code yourself—all-round protection is available to regular web admins.

To make working with Basic WAF even more convenient, we added the option to collect and visualize data on processed and blocked requests. This is what it looks like:

Also, we have recently implemented a new way to present extended statistics:

If you need advanced protection for more complex scenarios, you can use a paid solution—NG WAF. It can deflect zero-day attacks, protect APIs, and warn about potential application vulnerabilities. In addition to a set of rules, the solution is based on analysis tools based on AI and ML technologies.

Simple cyber defense against complex attacks

At Gcore, we care about the safety of our users and the entire Internet. Given the growing number and complexity of cyber-attacks, protection should be available not only to large businesses, but also to ordinary users—owners of websites and small applications. Our simple solution—CDN with WAF—serves precisely this purpose: to make the Internet more convenient and accessible for everyone.