1st generation web application firewalls use a pattern matching solution with many false positives. It will assume your website is hacked when it did not actually happen. This error originates from having two simple lists. One list of IPs give access permission, and another list of IPs deny permission to access your website. Based on these lists alone, many firewall services inaccurately block innocent visitors who simply want to visit your website. It is extremely difficult to manage this generation of firewall products. It is also impossible to respond immediately to any new attacks that have not been discovered before. As a result, this generation of firewall products reduces the speed for web service.
Although 2nd generation firewall is more accurate than the 1st, it has long a way to go. The way the 2nd generation firewall works is that it is exactly the same two lists as in the 1st generation, but automated. Even with this method, it takes a long time to analyze traffic prior to making these lists. Furthermore, every time you make changes to the website, it must go through another drawn out period of analysis to make those lists. Although 2nd generation firewall is automated, it still has to be managed by an administrator to make sure it is working properly. As this method is still based on pattern matching, it still can’t protect your website from prospective attacks because it doesn’t learn to predict new attacks.
This is where our product comes in. Cloudbric is built without lists or a pattern-matching system in order to reduce false positives.