The GridPane Plaid Stack incorporates Lua-Resty-WAF, a high performance web application firewall (WAF) written for the OpenResty stack, leveraging the scalable architecture of Nginx, while providing a ModSecurity compatible rule syntax as well as a few custom rules, and a patchset for emerging threats.
Lua-Resty-Waf is distributed with tooling to automatically translate existing ModSecurity rules, allowing users to extend lua-resty-waf implementation without the need to learn a new rule syntax.
Designed with efficiency and scalability in mind, it leverages Nginx's asynchronous processing model and an efficient design to process each transaction as quickly as possible. Load testing has shown that deployments implementing all provided rulesets, which are designed to mimic the logic behind the ModSecurity CRS, process transactions in roughly 300-500 microseconds per request; this equals the performance advertised by Cloudflare's WAF.
You can find out more details about Lua Resty WAF here.
Using the GridPane WAF is easy, at the moment we only incorporate the standard ruleset we will be updating this feature to allow users to specify custom rules. You can also enable and disable the WAF on a site by site basis.
NoteThis feature is not available on GridPane non-plaid Nginx stacks
Step 1. Spin up a server and provision a GridPane Site
We have documentation on provisioning up and managing servers here:
- Provisioning and Managing GridPane Servers
- Provision a Digital Ocean Droplet using the Digital Ocean API
- Provision a Linode using the Linode API
- Provision a Vultr Instance using the Vultr API
And documentation about deploying and managing GridPane sites here:
Step 2. Enable the GridPane WAF
Make sure you are in the sites section of the GridPane App
In the Active Sites Panel, to open the Site Customizer click on the URL for the site you wish to configure
In the Settings Tab of the Site Customizer you will see the Web Application Firewall option and toggle. It is actually enabled by default for all sites build on a Plaid stack server, so you won't need to enable it unless you have previously disabled the firewall.
Step 3. Disable the GridPane WAF
To disable the WAF is just as easy, simply toggle the setting off in the Site customizer.