What Help4 Net WAF protects against today
This is the current public protection baseline for Help4 Net. It covers what we actively enforce at the edge right now so customers can make practical rollout decisions.
1) Web exploit filtering
- Request filtering for common injection classes including SQL injection and reflected/stored XSS patterns.
- Path traversal, malformed URL, and suspicious payload pattern controls.
- Known malicious request signatures aligned with current virtual patch and hardening policies.
2) Abuse and automation controls
- Rate controls and request shaping to reduce brute-force and abusive bot traffic.
- Guardrails that reduce cache-burn patterns and repeated invalid request floods.
- Policy controls for referer behavior in Free/Pro asset modes.
3) Origin safety behavior
- Origin bypass controls in proxy mode to keep edge policy authoritative.
- POP health-aware fallback behavior to preserve page availability during partial outages.
- Cache and route controls tuned to avoid stale-content lock-in after failure events.
4) Enterprise policy controls
- Full-proxy mode with WAF policy controls and advanced delivery behavior.
- Security header controls and allow/deny list features through account surfaces.
- Per-domain operational telemetry used for tuning and incident response.
5) Continuous CVE monitoring and virtual patching
- Recurring internet CVE intelligence scans run on scheduled cadence.
- High-risk intelligence can start staged virtual patch rollout while origin updates are in progress.
- Default auto-block posture prioritizes known-exploited CVEs to reduce false-positive block risk.
Protection reduces risk but cannot guarantee zero incidents in all scenarios. Permanent patching at the origin platform remains required.