Today’s guest post is delivered by Gilad David Maayan, a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.

What is eCDN Web Application Firewall?

Salesforce Commerce Cloud provides a built-in content delivery network called eCDN, designed to accelerate site access and content delivery. It provides a safer and more reliable online shopping experience.

The eCDN also includes a web application firewall (WAF). Unlike a network firewall that inspects network traffic and blocks attacks at the network level, a WAF can protect application-layer traffic from web security threats and common web application vulnerabilities. For example, WAFs can protect against SQL injection, cross-site scripting (XSS), and cross-site request forgery (CSRF). The WAF is automatically updated with new rules and attack patterns to stay ahead of evolving threats.

How Does eCDN WAF Work?

eCDN WAF looks at all interactions with merchant websites—legitimate shopper behavior, bot traffic, and potentially malicious requests. All requests to the storefront are made over HTTP/S or AJAX. The WAF scrutinizes all requests, identifying common patterns of legitimate web traffic and possible attack patterns, and filtering out malicious traffic. The WAF can identify unusual or malicious traffic and block it to prevent security threats from reaching the eCommerce server. eCDN WAF also inspects website addresses and URLs to detect anomalies like malicious redirects.

When a suspicious request is made to a merchant’s site, the eCDN WAF evaluates the request and applies the action configured by the merchant:

  • If the selected action is “challenge”—the suspicious user is presented with a CAPTCHA and must submit it successfully to proceed to the next page. If the user does not successfully complete the CAPTCHA, the WAF blocks the request before it reaches the Commerce Cloud.
  • If the selected action is “block”—the suspicious user is immediately blocked.

Merchants can manage eCDN WAF in the Business Manager interface. They can configure WAF and access logs, and define how tightly their security settings should be enforced by setting the WAF to low, medium, or high security. WAF configuration is individual to each merchant site and depends on the type of traffic a website receives, and the level risk tolerance for the merchant’s business operations

A lower setting might be appropriate if a brand uses bots, or accepts the use of certain types of bots, which might trigger the WAF too frequently.

eCDN WAF Modes of Operation

When responding to potential web application threats, eCDN WAF inspects each incoming request, assigns a threat score, and responds appropriately. The WAF uses OWASP definitions to detect common web application attacks. Each incoming request that triggers an OWASP rule increases the overall threat score.

WAF uses three modes of operation to respond to detected OWASP threats:

  • Simulate—logs events without blocking or requiring web requests. This option allows administrators to see the impact of the WAF in challenge or block mode and decide which mode of operation is best for their online store.
  • Challenge—when challenge mode is enabled, suspected malicious users must fill in a CAPTCHA before accessing the store. Challenge mode is useful when there is a risk the WAF might accidentally target legitimate shoppers. Challenge mode allows a legitimate user to enter CAPTCHA information and continue their shopping experience.
  • Block—if an incoming web request is suspicious, a blocked page is displayed and the web request is prevented from reaching the server. The block option is the most effective against threat actors. However, this option is also the most restrictive. If the WAF incorrectly identifies a real shopper as malicious, the shopper is blocked and cannot enter the store.

Working with Simulation Mode

If you are new to WAF, SalesForce recommends running WAF in simulation mode for at least one week. Simulation mode captures and records information about site traffic.

You can review the generated logs to make data-driven decisions about firewall requirements and decide how to best configure the WAF. When reviewing logs, consider the following:

  • Which rules are triggered and how often are they executed?
  • Which region triggered the rule, and do you sell to or ship to this country?
  • Which IP addresses are associated with suspicious requests identified by WAF rules? Doing an IP lookup of a suspected malicious IP address can reveal more information.

After rtunning the WAF in simulation mode, you can decide whether to increase the sensitivity level of the WAF (if you see real threat actors are identified as malicious). Alternatively, you can reduce the sensitivity of the WAF (if you see there are real shoppers wrongly identified as malicious).

Modify eCDN WAF Settings

To change eCDN WAF settings:

  1. Choose Administration > Sites > Embedded CDN Settings.
  2. Choose a zone.
  3. On the WAF tab, select Enabled to turn on the WAF for the zone, or deselect it to disable WAF for this zone.
  4. From the Action dropdown list, select the action to take when an anomalous request is discovered—Simulate, Challenge, or Block.
  5. From the Sensitivity drop down, select a sensitivity level—high, medium, or low.

To obtain log data for analysis:

Select one or more dates and times and click Request Log. An email with a link is sent to your Business Manager email account when the log file is available for download. Download the logs to analyze your traffic and adjust WAF sensitivity accordingly.

Conclusion

In conclusion, configuring the Salesforce firewall is an important step in ensuring the security and integrity of your Salesforce account. By following the steps outlined in this quick guide, you can effectively set up and manage your firewall to protect your account from external threats and unauthorized access. It is also important to regularly review and update your firewall configuration to ensure it remains effective in protecting your account and data. By taking the time to properly set up and maintain your Salesforce firewall, you can ensure the security and success of your business.