I have an application that is being planned to be exposed to internet clients via a reverse proxy deployed in the DMZ. I have recommended that the deployments use WAF/Cloudflare along with this to secure the application.
However, I am not sure how capable UTM/WAF/Cloudflare etc. are, to be able to determine whether there is anything that the application has to do to ensure its availability.
For example, I could conceive of a DDoS attack that is launched using slow clients, which come under the DoS rate limits, which:
- keeps requesting unguarded application resources (which cannot be cached)
- keeps sending REST API requests to hit our application without success, but which in huge numbers can bring down the app
- requests static resources with a unique pattern so that the proxy cache is escaped and the request hits the application, etc.
Can WAF/UTM/Cloudflare sort out these bad clients by noticing these access patterns, or will the application need to do something about it (Fail2Ban etc.)?
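As an added illustration (not part of the original post), this is a sketch of how two of the access patterns listed above, cache-escaping static requests and REST calls that keep failing, can be spotted per client in proxy logs even when each client stays under a rate limit. The record layout, the `/static/` and `/api/` prefixes, the thresholds and the sample data are all assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample records: (client_ip, request_target, status, cache_status).
# Field layout, path prefixes and thresholds are assumptions for illustration.
SAMPLE_LOG = (
    # same static file, new query string every time: every request misses the cache
    [("198.51.100.7", f"/static/app.js?v={i}", 200, "MISS") for i in range(20)]
    # REST calls that never succeed
    + [("203.0.113.9", f"/api/orders/{i}", 404, "MISS") for i in range(30)]
    # ordinary client: cached static file plus a few successful API calls
    + [("192.0.2.44", "/static/app.js?v=3", 200, "HIT")] * 15
    + [("192.0.2.44", "/api/orders/12", 200, "MISS")] * 5
)

def flag_clients(records, min_requests=10, bust_ratio=0.8, fail_ratio=0.8):
    """Return {client_ip: [reasons]} based on request shape, not request rate."""
    stats = defaultdict(
        lambda: {"static": 0, "variants": set(), "api": 0, "api_fail": 0}
    )
    for ip, target, status, cache in records:
        url = urlsplit(target)
        s = stats[ip]
        if url.path.startswith("/static/"):
            s["static"] += 1
            if cache == "MISS":
                # each distinct (path, query) pair that reached the origin
                s["variants"].add((url.path, url.query))
        elif url.path.startswith("/api/"):
            s["api"] += 1
            s["api_fail"] += int(status >= 400)

    flagged = {}
    for ip, s in stats.items():
        reasons = []
        # nearly every static request was a unique, uncached variant
        if s["static"] >= min_requests and len(s["variants"]) / s["static"] >= bust_ratio:
            reasons.append("cache-busting")
        # nearly every API request failed
        if s["api"] >= min_requests and s["api_fail"] / s["api"] >= fail_ratio:
            reasons.append("failing-api-flood")
        if reasons:
            flagged[ip] = reasons
    return flagged

if __name__ == "__main__":
    for ip, reasons in flag_clients(SAMPLE_LOG).items():
        print(ip, ", ".join(reasons))
```

The flagged addresses could be handed to whatever blocking mechanism is in place at the proxy or application tier.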