Here are some of the most common types of threats against which the Peqi WAF protects you:
SQL Injection
This is one of the most dangerous attacks, in which the attacker inserts or "injects" malicious SQL code through user input into an application, aiming to manipulate or access data from the underlying database. The Peqi WAF detects and blocks requests containing SQL injection attempts.
Cross-Site Scripting (XSS)
In XSS, an attacker injects malicious scripts into pages that are displayed to other users. This attack can be used to steal information such as session cookies and other sensitive data. The Peqi WAF filters and blocks these scripts before they can be delivered and executed in the user's browser.
Cross-Site Request Forgery (CSRF)
CSRF tricks the user's browser into executing unwanted actions on a site where the user is authenticated, without their knowledge. The Peqi WAF helps prevent CSRF attacks by ensuring that each request made to the application is intentional and properly authenticated.
File Inclusion Vulnerabilities (Local File Inclusion & Remote File Inclusion)
These vulnerabilities allow attackers to include malicious files on the server (Local File Inclusion) or through a remote URL (Remote File Inclusion) in the application, potentially allowing the execution of malicious code. The Peqi WAF blocks requests attempting to exploit these vulnerabilities.
Session Hijacking
Session hijacking attacks aim to take control of a user's session to impersonate them. The Peqi WAF protects you against this by monitoring abnormal session patterns and suspicious traffic.
Denial of Service (DoS) and Distributed Denial of Service (DDoS) Attacks
These attacks aim to overload server resources, making the application inaccessible to legitimate users. The Peqi WAF mitigates these attacks by limiting request rates and filtering malicious traffic.
Brute Force and Authentication Attacks
Login attempts or password cracking through brute force methods are detected and blocked by our WAF, which monitors repeated login attempts or suspicious traffic patterns.
Protection against Bots and SPAM in comments
In addition to protection against malicious bots, Peqi protects your Wordpress posts from SPAM comments, blocking users with IPs listed in the most known rbl (Real-time Blackhole List).
Command Injection
Command injection attacks involve inserting malicious commands into input data, aiming at the execution of these commands by the server's operating system. The Peqi WAF identifies and blocks these injection attempts.
In addition, you have the Virtual Patching, an advanced feature offered that allows the mitigation of vulnerabilities in your applications without the need to alter the application's source code, learn more by clicking here.