• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multiframework
    • Security
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
  • Pricing
  • Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Request a demo
  • Free Trial
Meet Upsun. The new, self-service, fully managed PaaS, powered by Platform.sh.Try it now
Cover image

Trust the Platform.sh WAF to defend your data

12 April, 2021
Chad Carlson
Chad Carlson
Manager, Developer Relations

Feature announcement: We've implemented the Platform.sh web application firewall onto all Enterprise and Elite projects.

There’s a lot of trust involved in releasing a production site. Trust in your engineers, trust in the hosting, trust in the framework you use to build it. You also need to trust in the traffic visitors generate. Because, truth is, there are bad actors out there looking to find and exploit weaknesses to mess with you and your customers. For this reason, a web application firewall (WAF) can be an important line of defense.

A WAF protects your applications from malicious requests and coordinated attacks. Some of these attacks exploit vulnerabilities in the framework you’ve built a site on, and others are a consequence of the HTTP protocol itself.

This week we’ve rolled out a new feature to all Enterprise and Elite customers: the Platform.sh WAF. The WAF monitors incoming requests to your sites. Should a request trigger any of the conditions outlined in our protection ruleset, it is filtered out, stripped of suspicious headers, or otherwise blocked entirely.

Potential vectors that the Platform.sh WAF protects your sites from include:

  • HTTP protocol attacks: request smuggling, header injection, and response splitting
  • Slowloris denial of service attacks
  • A number of well known vulnerabilities in famous frameworks like Drupal and Magento

You can find a full list of protections implemented by our WAF in our security documentation.

No changes need to be made to your projects to get the Platform.sh WAF; it’s already been released onto all Enterprise and Elite projects on the layer between the outside world and your application. So release your production site with added trust in the security of your site and user data.

Get the latest Platform.sh news and resources

Related Content

We can’t wait for SBOMs to be demanded by regulation

We can’t wait for SBOMs to be demanded by regulation

AboutSecurity and complianceTrust CenterCareersPressContact us
Thank you for subscribing!
Field required
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceAcceptable Use PolicyManage your cookie preferencesReport a security issue
© 2024 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺