If you're looking to do everything you can to protect your website from potential security attacks (and you really should be!), there are two aspects of your website hosting environment that should be absolute musts - a Web Application Firewall (WAF) and Advanced Global CDN (AGCDN).
Both deliver additional enterprise-grade layers of protection around your website and hosting environment, combining to check that every request made to your site is non-malicious and that responses to as many of the requests as possible can be delivered without hitting your main server.
In summary, the WAF monitors traffic to your website and blocks malicious requests before they reach your website/server, based on a set of rules. It detects and blocks known malicious IP addresses, suspicious user agents and other out-of-the-ordinary activity, such as repeated brute-force attack attempts on your website.
The AGCDN adds further protection against Distributed Denial of Service (DDoS) attacks on your website by preventing any surge in requests from hitting your main (origin) server, which may otherwise result in your website becoming unavailable. The AGCDN can also add significant performance benefits to your website. Read more below about the purposes and benefits of using a WAF and AGCDN with your website.
Despite these tools being invaluable in protecting your website, many hosting providers will typically only offer these services as optional add-ons and at extra cost. Both are available by default, though, when you host your Drupal website with Adaptive, as they are included as standard as part of Adaptive's Managed Hosting Services.
How a Web Application Firewall (WAF) helps to secure your Drupal website
A Web Application Firewall (WAF) is a security tool that is designed to protect websites and servers from various types of attacks. A WAF operates by inspecting all incoming traffic to a web application and blocking malicious requests. This can help protect your website from a variety of common threats, such as SQL injection attacks, cross-site scripting (XSS) attacks, and session hijacking.
One of the key ways that a WAF provides security for your website is by monitoring for and blocking malicious traffic and activity based on a set of rules. These rules are typically based on common patterns or characteristics of known attack types. A WAF is also able to detect and block known malicious IP addresses and suspicious user agents.
A WAF also provides additional security for your website by monitoring for and blocking suspicious activity on your website, such as repeated failed login attempts. This can help prevent brute-force attacks, where an attacker repeatedly tries different username and password combinations in an attempt to gain access to the admin area of your website.
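The three rule types described above (IP denylist, suspicious user agent, repeated failed logins) can be sketched as a small rule engine. This is an added example, not Adaptive's or Pantheon's WAF code; the IP addresses, user-agent patterns, threshold and event list are constructed, and it assumes Drupal's default `/user/login` route answering a failed login with HTTP 200.

```python
import re
from collections import defaultdict, deque

# Every value here is constructed for illustration.
DENYLIST = {"203.0.113.9"}                     # documentation-range address
BAD_AGENT = re.compile(r"sqlmap|nikto", re.I)  # example scanner signatures
LOGIN_PATH = "/user/login"                     # Drupal's default login route
MAX_FAILS, WINDOW = 5, 60                      # assumed: 5 failures per 60 s

class MiniWaf:
    def __init__(self):
        self.fails = defaultdict(deque)        # ip -> failed-login timestamps

    def decide(self, ts, ip, method, path, agent):
        """Return (action, reason) before the request reaches the origin."""
        if ip in DENYLIST:
            return "block", "denylisted-ip"
        if not agent or BAD_AGENT.search(agent):
            return "block", "suspicious-user-agent"
        if method == "POST" and path == LOGIN_PATH:
            recent = self.fails[ip]
            while recent and ts - recent[0] > WINDOW:  # expire old failures
                recent.popleft()
            if len(recent) >= MAX_FAILS:
                return "block", "login-rate-exceeded"
        return "allow", None

    def record_response(self, ts, ip, method, path, status):
        # Assumption: a failed Drupal login re-renders the form (200),
        # a successful one redirects (303).
        if method == "POST" and path == LOGIN_PATH and status == 200:
            self.fails[ip].append(ts)

def replay(events):
    """Run (ts, ip, method, path, agent, status) tuples through the rules."""
    waf, decisions = MiniWaf(), []
    for ts, ip, method, path, agent, status in events:
        action, reason = waf.decide(ts, ip, method, path, agent)
        if action == "allow":                  # blocked requests never reach origin
            waf.record_response(ts, ip, method, path, status)
        decisions.append((action, reason))
    return decisions

UA = "Mozilla/5.0"
SAMPLE = [(t, "198.51.100.7", "POST", LOGIN_PATH, UA, 200) for t in range(0, 35, 5)]
SAMPLE += [(40, "203.0.113.9", "GET", "/", UA, 200),
           (41, "192.0.2.44", "GET", "/node/1", "sqlmap/1.7", 200),
           (100, "198.51.100.7", "POST", LOGIN_PATH, UA, 303)]
```

The last sample event shows the window expiring: once the earlier failures are more than 60 seconds old, the same address is allowed to attempt a login again.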
The benefits of using the Advanced Global CDN (AGCDN) with your Drupal website
The Advanced Global CDN (AGCDN) is a system of distributed cloud servers in multiple locations around the world. It delivers your content to users based on their geographic location while also adding further layers of security to your website in a number of ways.
Primarily, the AGCDN adds further protection against Distributed Denial of Service (DDoS) attacks on your website. DDoS attacks are a common way for malicious users or scripts to overload a website with traffic and make it unavailable to legitimate users. The AGCDN can absorb and mitigate DDoS attacks by directing traffic through its network of servers, which are designed to handle large amounts of traffic, rather than all requests hitting your main (origin) server.
Similarly, the AGCDN can also help with bot management, checking the automated crawlers and scrapers that visit your website and ensuring that only legitimate bots (such as those from search engines like Google) are able to crawl your website, and at an acceptable crawl rate. This further reduces load on your origin server, reducing the risk of your site becoming unavailable to your real users. It can also help to prevent your site from being scraped for malicious purposes, or from being used as a source of spam or other unwanted traffic.
In addition to the security benefits of using the Advanced Global CDN, you can also expect to see significant performance gains. Pages, images and other assets of your website load much more quickly via the AGCDN than from your origin server, increasing the page speed and improving the user experience for your audience.
This can also impact positively on your website's performance in Google's search listings thanks to the improved speed/performance that your website typically gains via the AGCDN. The AGCDN can help to improve a website's Core Web Vitals scores - the set of performance metrics that measures the user experience when loading webpages and is known to be a key factor in Google's ranking algorithm.
For many of the websites that Adaptive have moved to our Managed Hosting Service and placed behind the AGCDN, we have seen marked improvements in the Core Web Vitals scores as well as visible improvement in the load times of the website as a whole. From both security and performance perspectives, the Advanced Global CDN is a must-have in our view.
More info and reading
If you'd like to find out more about implementing WAF and AGCDN tools for your website, please contact us for a chat and guidance. You can also read more about our Managed Hosting Services for Drupal, which include WAF and AGCDN as standard, along with our other cyber security services too.
Adaptive are able to include the WAF and AGCDN tools as standard in our hosting solutions due to the close partnership we have with our hosting platform provider, Pantheon. Read more about how we work closely with Pantheon, and the subsequent benefits to our clients, here.
Adaptive MD, Dan Frost, recently partnered with Pantheon on a live webinar about the benefits of using the WAF and AGCDN tools, and why Adaptive particularly chose to utilise the tools available from Pantheon versus our previous provider. You can read more about that decision in this recent case study that we produced in conjunction with Pantheon.