Improving the Security of your Website: Rate Limiting

Digital Key
Click to enlarge

CU*Answers Web Services and Network Services employ several layers to keep our servers and websites safe. Starting this week, CU*Answers Web Services is adding an additional layer to your web security by turning on rate limiting on your website web application firewalls. This improves the security of your website by preventing drive-by bad guys from scanning your website for possible issues they could exploit. This is part of our ongoing dedication to ensuring the safety and security of your digital assets.

With rate limiting on your website, the server will begin throttling and slowing down requests and possibly blocking requests for IP addresses that make excessive amounts of requests to your website. We are following the vendor’s recommendations for these levels and monitoring it closely in our dashboards, however, there is always the possibility that regular users are blocked. If this happens, the block will automatically fall off after a short period of time or you can always contact Web Services with the IP address that was inadvertently blocked.

Finally, CU*Answers does not disable security features or whitelist vendors to perform scans or penetration assessments. While we understand these tests are likely to be benign, CU*Answers hosts sites for many clients. All penetration tests risk unintentional denial of service to our clients, no matter how careful the testing firm is in setting parameters.

CU*Answers does hire external audit firms to test our webhosting sites on a regular basis. In addition, CU*Answers also performs its own vulnerability scans on no less than a quarterly basis. While we do not make public the results of testing, all results are reported to the CU*Answers Board of Directors, as well as any plans for remediation. CU*Answers does make publicly available our control scheme through our SSAE-18 SOC 1 and SOC 2 reports, which can be downloaded from the CU*Answers Due Diligence page.