Back to overview

Airlock WAF 7.3: Dynamic blacklists for rogue actors

   07.05.2020   Airlock, WAF, web application firewall, Updates, managed services
Black Wall | © Amed Fesh on Unsplash

The Airlock WAF 7.3 has been in use at aspectra since April. The new version offers a number of useful innovations. One of them is the IP Blacklist.

The Airlock Web Application Firewall (WAF) 7.3. comes with various improvements such as easier integration of security levels, TLS 1.3, cloud support and API gateway. Also integrated is a new security approach - the dynamic IP blacklist.

What is an IP Blacklist?

Airlock WAF takes a proactive approach to security by providing regularly monitored and updated white- and blacklists. IP addresses from which a predefined number of malicious activities have been initiated within a configurable time window are blacklisted. The system thus blocks access from IP addresses that are on the list.

How does the IP blacklist work?

The blacklist is managed automatically. When an IP address triggers a lock, it is placed on a watch list. If an IP exceeds the limit of the number of tolerated blocks during a defined time frame, the system automatically puts it on the blacklist for a desired period of time. The dynamic blacklist of unwanted IP addresses is updated by sliding window values.

What are the benefits of the blacklist?

By blocking blacklisted addresses, we  throw a spanner in the works of automated tools. Blacklisting also allows us to better respond to attacks that we cannot locate. This is particularly useful for DDoS attacks from the cloud. So we can tell the WAF, "Here's an attack. Deny access to this previously unknown and unlisted IP temporarily." This enhances the previously static approach to dynamically keep up with bad intentions. Dynamic blacklisting also makes it more effective to exclude traffic through geolocation. Sanctioning of an area as a whole is no longer necessary.

What is a whitelist for?

The whitelist allows manual management of accesses. It lets us exclude trustworthy IP addresses from a verification. This saves computing power. Benign bots, such as search engines, can thus work undisturbed.


Leave us a comment: