• Overview
    Key features
    • Observability
    • Auto-scaling
    • Multi-framework
    • Security
    • Django
    • Next.js
    • Drupal
    • WordPress
    • Symfony
    • Magento
    • See all frameworks
    • PHP
    • Python
    • Node.js
    • Ruby
    • Java
    • Go
  • Industries
    • Consumer Goods
    • Media/Entertainment
    • Higher Education
    • Government
    • Ecommerce
  • Pricing
  • Overview
    Featured articles
    • Switching to Platform.sh can help IT/DevOps organizations drive 219% ROI
    • Organizations, the ultimate way to manage your users and projects
  • Support
  • Docs
  • Login
  • Request a demo
  • Free Trial
Cover image

Trust the Platform.sh WAF to defend your data

April 12, 2021
Chad Carlson
Chad Carlson
Manager, Developer Relations

Feature announcement: We've implemented the Platform.sh web application firewall onto all Enterprise and Elite projects.

There’s a lot of trust involved in releasing a production site. Trust in your engineers, trust in the hosting, trust in the framework you use to build it. You also need to trust in the traffic visitors generate. Because, truth is, there are bad actors out there looking to find and exploit weaknesses to mess with you and your customers. For this reason, a web application firewall (WAF) can be an important line of defense.

A WAF protects your applications from malicious requests and coordinated attacks. Some of these attacks exploit vulnerabilities in the framework you’ve built a site on, and others are a consequence of the HTTP protocol itself.

This week we’ve rolled out a new feature to all Enterprise and Elite customers: the Platform.sh WAF. The WAF monitors incoming requests to your sites. Should a request trigger any of the conditions outlined in our protection ruleset, it is filtered out, stripped of suspicious headers, or otherwise blocked entirely.

Potential vectors that the Platform.sh WAF protects your sites from include:

  • HTTP protocol attacks: request smuggling, header injection, and response splitting
  • Slowloris denial of service attacks
  • A number of well known vulnerabilities in famous frameworks like Drupal and Magento

You can find a full list of protections implemented by our WAF in our security documentation.

No changes need to be made to your projects to get the Platform.sh WAF; it’s already been released onto all Enterprise and Elite projects on the layer between the outside world and your application. So release your production site with added trust in the security of your site and user data.

Get the latest Platform.sh news and resources

Related Content

Don’t be held to ransom: Security awareness with Platform.sh

Don’t be held to ransom: Security awareness with Platform.sh

AboutSecurity and complianceTrust CenterBoard and investorsCareersPressContact us
Leader Winter 2023
System StatusPrivacyTerms of ServiceImpressumWCAG ComplianceManage your cookie preferencesReport a security issue
© 2023 Platform.sh. All rights reserved.
Supported by Horizon 2020's SME Instrument - European Commission 🇪🇺