Skip to content

Update manage-security.md to include WAF paragraph and link to the WAF section in the docs #6727

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Dec 10, 2024
Merged

Update manage-security.md to include WAF paragraph and link to the WAF section in the docs #6727

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
4c77823
Update manage-security.md
HalldorLyngmo Dec 6, 2024
cd4e298
Fixes vale warnings
sofietoft Dec 10, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 6 additions & 1 deletion umbraco-cloud/set-up/project-settings/manage-security.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ Currently, these options are available:
* HTTP/2 (default: on)
* TLS 1.3 (default: off)
* Minimum TLS Version (default: 1.2)
* Web Application Firewall (WAF) (default: on)

When a new custom hostname is added to a Project it will have the default settings applied. But you can change the defaults for your Project, so new custom hostnames will get the default settings you have chosen.

Expand All @@ -20,7 +21,11 @@ Transport Layer Security (TLS) TLS 1.3 is the newest, fastest, and most secure v

## Minimum TLS Version Explained

Minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer. This option relates to the TLS versions mentioned above and the current default, which is TLS 1.2. If you want your website traffic to only use TLS 1.3 you can change the minimum version. But be mindful of the implications that this might have (see browser support above). You don't need to change the minimum version to use TLS 1.3.
The minimum TLS Version only allows HTTPS connections from visitors that support the selected TLS protocol version or newer. This option relates to the TLS versions mentioned above and the current default, which is TLS 1.2. If you want your website traffic to only use TLS 1.3 you can change the minimum version. But be mindful of the implications that this might have (see browser support above). You don't need to change the minimum version to use TLS 1.3.

## WAF Explained

A Web Application Firewall (WAF) is a security solution designed to protect web applications by filtering and monitoring HTTP traffic between them and the Internet. Common attacks like cross-site scripting, SQL injection, and file inclusion are mitigated by acting as a shield between the web application and potential threats. For more detailed information, please refer to our [WAF section](../../security/web-application-firewall.md).

## Plan specific features

Expand Down
Loading