The number of attacks on websites and web applications is growing. Almost every day there is alarming news: cybercriminals are conducting massive attacks on websites on WordPress (they made 13.7 million attacks on 1.6 million resources in a day and a half). At the same time, in the popular web framework Django they detect (and fix) a vulnerability that allowed SQL injection attacks on millions of websites. Nobody is surprised by the news about this or that popular service becoming a victim of a DDoS attack anymore.
In 2025, damage from attacks is expected to reach $10.5 billion. Anyone, including regular users, can become a victim of cybercriminals. If you don’t want to be included in the worrying statistics, check out our free solution—Basic WAF. It’s suitable for all categories of users, it’s easy to activate it, and it doesn’t require a bank card. Read more to learn about the types of attacks and our protection measures against them.
Attacks are usually classified by the type of objects which are targeted by the attackers. Such objects correlate with different layers of the OSI model. Most often, attacks are performed at the network (L3) and transport (L4) layers, as well as at the application layer (L7). Let’s get into some details.
As the name suggests, at L3, attacks are aimed at the network infrastructure; their goal is to disrupt its correct operation. Such attacks lead to channel overloads and problems with network equipment.
L4 includes attacks that exploit vulnerabilities in the TCP stack: for example, SYN flood and TCP connection flood. The idea of such attacks is to send many connection requests to the server so that the request queue is filled and the server becomes unavailable.
“The number of attacks at layers L3 and L4 is constantly growing. In the first half of 2022, we recorded many powerful flood attacks on businesses. The main goals were e-commerce, fintech, and game development. The average power of DDoS attacks in Q1–Q2 of 2022 more than doubled. If last year it was 300 Gbps, this year it is already 700 Gbps.”
Head of Web Security at Gcore
No one is safe from such attacks—neither medium nor large businesses, government organizations, or small web projects. Hackers often launch massive attacks and do not have specific targets.
How to protect yourself: To protect yourself from attacks at L3 and L4, you just need to activate a CDN. Here’s how it works. To disrupt your service, an attacker needs to attack the server it’s running on. And if all traffic goes through a CDN with a large number of points of presence (PoPs), it would be almost impossible to do this: for this, the attackers would have to paralyze the work of all servers at once. Our CDN consists of 140 PoPs and can redirect traffic to alternate routes, so that even the most experienced attackers are unable to get through.
Attacks at this layer disrupt the regular operation of web applications and websites, as well as allow unauthorized access to them. This group includes brute force, SQL injections, malicious code injections, and much more.
“In 2020–2021, along with the increased consumption of content in the online games and entertainment industry, DDoS attacks also became more frequent and complex. Attacks are becoming more sophisticated: instead of specific servers, the attackers targeted web applications (L7 of the OSI network model) and tried to legitimize the traffic. In 2022, we also see a significant increase in such attacks.”
Head of Web Security at Gcore
To protect from such attacks, a simple CDN is no longer enough; you also need a firewall. In some cases, these solutions are combined in a single product.
How to protect yourself: By using a specialized tool—WAF (Web Application Firewall). All you need to do is choose a suitable solution and integrate it with your service. To make the process easier, we have already integrated Basic WAF with our CDN. This means that users only need to connect to the content delivery network and enable one-button protection.
WAF stands for Web Application Firewall. This is software for protecting web applications from attacks and malicious activity: brute force, SQL injections, XSS attacks, spam activity in comments, attempts to download suspicious files, and much more (WAF functionality may vary). Various technologies help detect malicious actions—from hardware-based solutions to cloud-based solutions that actively use artificial intelligence and machine learning.
Attackers attempt to hack the client’s application using existing vulnerabilities WAF scans request signatures and blocks access if malware is detected The client’s application remains protected and safe for its users Web Application Firewall Client’s web server
WAF is the gateway for all requests sent to the web server. If requests don’t meet the specified criteria, it doesn’t allow them to pass and reduces the likelihood of malicious activity. As a rule, after getting such requests, the user receives notifications to check and strengthen security measures if necessary.
However, most WAFs are complex and expensive tools. We decided to change this and offer our users a free and easy-to-use solution to protect against L7 attacks.
To do this, we used the most common open-source solution—ModSecurity. This project started as a module for the Apache web server, but eventually expanded to support Nginx and HAProxy. In the third version, the libmodsecurity library was added to the ModSecurity functionality. It can be used to implement the WAF functionality into any applications and services: load balancers, hosting control panels, etc.
In our solution, Basic WAF, we also use ModSecurity. We have modified it to integrate with the CDN and use the OWASP Core RuleSet (OWASP CRS). This allows us to protect websites and web applications from the most common attacks:
Thus, with our CDN, you can protect your website or application from attacks at any layer and the suspicious actions of users, as well as detect and block bots.
Here’s how, in just a few minutes, you can configure the protection of a website or web application from the most common types of attacks. You no longer need to purchase additional hardware or software or even read the code yourself—all-round protection is available to regular web admins.
To make working with Basic WAF even more convenient, we added the option to collect and visualize data on processed and blocked requests. This is what it looks like:
Also, we have recently implemented a new way to present extended statistics:
If you need advanced protection for more complex scenarios, you can use a paid solution—NG WAF. It can deflect zero-day attacks, protect APIs, and warn about potential application vulnerabilities. In addition to a set of rules, the solution is based on analysis tools based on AI and ML technologies.
At Gcore, we care about the safety of our users and the entire Internet. Given the growing number and complexity of cyber-attacks, protection should be available not only to large businesses, but also to ordinary users—owners of websites and small applications. Our simple solution—CDN with WAF—serves precisely this purpose: to make the Internet more convenient and accessible for everyone.