📄️ Overview
IO River provides consistent security services at the edge. These services are managed via the IO River console and include:
📄️ Managed Security by IO River
IO River Managed WAF provides a pre-configured, enterprise-grade security ruleset designed to protect web applications and APIs from common threats. The ruleset includes protection against the OWASP Top 10 vulnerabilities, such as SQL injection, cross-site scripting (XSS), and insecure deserialization.
📄️ Custom Rules
WAF custom rules allow you to define specific conditions and actions to inspect and control incoming web traffic. They enable fine-grained protection tailored to your application’s needs, beyond what the managed WAF provides. You can create rules based on attributes such as IP addresses, headers, query parameters, or request body content. Custom rules help block malicious traffic, enforce business logic, and mitigate attacks that are unique to your application. They provide flexibility and control, ensuring your security policies match your specific requirements.
📄️ Rate Limiting
Rate limiting rules control how many requests a client or IP address can send to your application within a specific time window. This helps protect against abuse—such as brute-force attempts, credential stuffing, or denial-of-service attacks—by automatically throttling or blocking traffic that exceeds the allowed threshold. It ensures fair usage, reduces load on your application, and enhances overall security.
📄️ Analytics
The WAF Analytics dashboard provides visibility into security events detected and mitigated by the edge security services. It highlights key metrics such as the number of blocked requests, rule matches, and traffic trends over time. These insights help you monitor potential threats, understand how your security services are protecting applications, and adjust security policies as needed.