From 4c77823fe0864dc6640a6f8eca9e1c3f3e23227d Mon Sep 17 00:00:00 2001 From: HalldorLyngmo <42831978+HalldorLyngmo@users.noreply.github.com> Date: Fri, 6 Dec 2024 11:55:48 +0100 Subject: [PATCH 1/2] Update manage-security.md Add a paragraph about WAF and link to the WAF section --- umbraco-cloud/set-up/project-settings/manage-security.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/umbraco-cloud/set-up/project-settings/manage-security.md b/umbraco-cloud/set-up/project-settings/manage-security.md index 94ca1c2b608..6a462cf94d8 100644 --- a/umbraco-cloud/set-up/project-settings/manage-security.md +++ b/umbraco-cloud/set-up/project-settings/manage-security.md @@ -7,6 +7,7 @@ Currently, these options are available: * HTTP/2 (default: on) * TLS 1.3 (default: off) * Minimum TLS Version (default: 1.2) +* WAF (default: on) When a new custom hostname is added to a Project it will have the default settings applied. But you can change the defaults for your Project, so new custom hostnames will get the default settings you have chosen. @@ -22,6 +23,9 @@ Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure v Minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer. This option relates to the TLS versions mentioned above and the current default, which is TLS 1.2. If you want your website traffic to only use TLS 1.3 you can change the minimum version. But be mindful of the implications that this might have (see browser support above). You don't need to change the minimum version to use TLS 1.3. +## WAF Explained +A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. By acting as a shield between the web application and potential threats, it helps mitigate various common attacks such as cross-site scripting (XSS), SQL injection, and file inclusion. For more detailed information, please refer to our [WAF section](../../security/web-application-firewall.md). + ## Plan specific features Access to the different options varies depending on the Umbraco Cloud plan your project is on. Currently, the features are available as follows: From cd4e29817bf73b7598e80ef20172bb8d94ec2058 Mon Sep 17 00:00:00 2001 From: sofietoft Date: Tue, 10 Dec 2024 14:33:10 +0100 Subject: [PATCH 2/2] Fixes vale warnings --- umbraco-cloud/set-up/project-settings/manage-security.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/umbraco-cloud/set-up/project-settings/manage-security.md b/umbraco-cloud/set-up/project-settings/manage-security.md index 6a462cf94d8..baeaa8f9384 100644 --- a/umbraco-cloud/set-up/project-settings/manage-security.md +++ b/umbraco-cloud/set-up/project-settings/manage-security.md @@ -7,7 +7,7 @@ Currently, these options are available: * HTTP/2 (default: on) * TLS 1.3 (default: off) * Minimum TLS Version (default: 1.2) -* WAF (default: on) +* Web Application Firewall (WAF) (default: on) When a new custom hostname is added to a Project it will have the default settings applied. But you can change the defaults for your Project, so new custom hostnames will get the default settings you have chosen. @@ -21,10 +21,11 @@ Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure v ## Minimum TLS Version Explained -Minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer. This option relates to the TLS versions mentioned above and the current default, which is TLS 1.2. If you want your website traffic to only use TLS 1.3 you can change the minimum version. But be mindful of the implications that this might have (see browser support above). You don't need to change the minimum version to use TLS 1.3. +The minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer. This option relates to the TLS versions mentioned above and the current default, which is TLS 1.2. If you want your website traffic to only use TLS 1.3 you can change the minimum version. But be mindful of the implications that this might have (see browser support above). You don't need to change the minimum version to use TLS 1.3. ## WAF Explained -A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. By acting as a shield between the web application and potential threats, it helps mitigate various common attacks such as cross-site scripting (XSS), SQL injection, and file inclusion. For more detailed information, please refer to our [WAF section](../../security/web-application-firewall.md). + +A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. Common attacks like cross-site scripting, SQL injection, and file inclusion are mitigated by acting as a shield between the web application and potential threats. For more detailed information, please refer to our [WAF section](../../security/web-application-firewall.md). ## Plan specific features