I was looking into web application firewalls the other day and I decided I want to use one or more to get the idea of how they work. My hosting provider did not provide mod_security (WAF module for Apache) on their server, nor I did have access to it, so I decided to try something external.
My blog doesn’t have enough traffic/revenue for a subscription and there aren’t that many free choices out there when it comes to web application firewalls. Cloudflare might be what some of you are thinking, but they do not offer the WAF functionality in their free plan, only CDN. What I’ve found was a up-to-4GB of traffic free subscription at Cloudbric.
Traffic on the blog isn’t that blooming, but I have noticed a somewhat ascendent pattern. Visitors are growing organically but relatively slow. I began to wonder why It suddenly dropped 10 times at a certain point that coincided with me subscription to the free WAF service.
A drop was expected but not that sudden and big, even though it’s WordPress and it’s expected to be a heavy target, So I began by filling a ticket asking for more info (which turn out that there was nothing strange about the filters) and doing some research on google on how would that be possible. Another company providing WAF services has an annual report on their stats and the details of the report made it clear – the majority of my website (and all other) visitors are not human-like (nor authentic human).
As the number of average visitors / day decreases, the non-human activity is increasing. Sites with average of 1000 visitors / day have ~80% of their traffic non-human while big ones (1M/day) have ~50%. In my case, that was around 90% of my traffic.
Akismet figures were correlating with the WAF installation too. As you can see below, you can notice a drop of around ~80% in spam attempts.
Don’t get too high on your visitors, especially if you’re a small website, as most of them are not human. Use a WAF to get the real idea of what traffic is your website generating and to limit the resources used improperly (more relevant if you’re self hosting / self administering your server )