
Webflow WAF vs Imperva

Hosting
Security

Overall, our WAF (from Signal Sciences) offers the same security features as the Imperva WAF; however, we use Sumo Logic as our SIEM to centrally manage audit logs. Webflow does not share audit logs externally. At the moment, there is no SIEM integration available for customers, so a customer's security team will not be able to receive any security logs.

Webflow uses the Signal Sciences WAF and AWS Shield Advanced. AWS Shield Advanced is used to protect against Layer 3 DDoS attacks on the SSL terminator, and Signal Sciences is used for the core purpose of a WAF and can detect certain kinds of brute-force attacks. When combined with a highly scaled CDN network, distributed denial of service (DDoS) attacks are very effectively mitigated. We monitor for increased traffic patterns that indicate DDoS attacks and have on-call staff 24/7/365 to respond within minutes when services are at risk of becoming overloaded beyond the ability of automated scaling measures. Additionally, we use both caching and a Layer 7 web application firewall to measure and mitigate such attacks. The scale and sophistication of DDoS attacks increase all the time, and our reliability engineers are constantly finding new ways to provide resiliency to various parts of our technology stack.

If you find that your site hosted by Webflow is experiencing unusual latency or periods of unavailability, please reach out to our customer support team immediately and we will take action to both fix the issue and update our monitoring to better detect DDoS attacks before services are impacted.

OWASP Top Ten coverage, such as:

  • Malicious Bot Protection: Identifies and blocks attacks from malicious bots while allowing good bot traffic to access the application.
  • Distributed Denial-of-Service (DDoS) Protection: Protects against denial-of-service attacks against apps, APIs and microservices both at the network and application layers. DDoS attacks aim to make apps and APIs unavailable to legitimate users by overwhelming the web layer resource with high request volumes or abusing specific functions and features of the application.
  • Advanced Rate Limiting: Protects against abusive behavior at the application layer that negatively impacts websites and APIs.
  • Protection for APIs and Microservices: Embeds security within the application, microservice, and function level.
  • Account takeover protection: Protects against attackers using compromised credentials from password lists and data dumps to gain unauthorized access to customer accounts through either an app's customer-facing authentication flow or via authentication APIs.
