TypeAuth provides robust security features to protect your applications from various threats. Our security suite includes a Web Application Firewall (WAF) and Geoblocking capabilities, helping you maintain a strong security posture.

Web Application Firewall (WAF)

TypeAuth’s WAF provides protection against common web vulnerabilities and attacks through a comprehensive rule set.

Overview

The WAF includes:

  • OWASP Core Rule Set integration
  • TypeAuth managed security rules
  • Real-time threat detection and blocking
  • Low false-positive rate

Key Protections

Our WAF protects against:

  • SQL Injection attacks
  • Cross-Site Scripting (XSS)
  • Remote Code Execution
  • Local File Inclusion
  • Remote File Inclusion
  • HTTP Protocol Violations
  • Common Web Attacks

Configuration

Via Dashboard

  1. Navigate to Security
  2. Select “Application Security”
  3. Toggle WAF status (Enable/Disable)

Via API

PATCH /{account_id}/security/waf/{application_id}?status=enable

OWASP Rules

TypeAuth implements the OWASP Core Rule Set, which provides:

  • Protocol violation checks
  • Request limits
  • HTTP policy enforcement
  • Bad robots detection
  • Security scanner detection

Geoblocking

Control access to your applications based on geographic regions.

Available Regions

TypeAuth offers predefined region configurations:

  • 🌎 US (United States)
  • 🇪🇺 EU (European Union)
  • 🇮🇳 IN (India)
  • 🌐 US and EU combined
  • 🦘 AU (Australia)
  • 🇩🇪 GE (Germany)
  • 🔒 TOR and Open Proxies

Configuration

Via Dashboard

  1. Navigate to Application Settings
  2. Select “Geoblocking”
  3. Choose allowed regions
  4. Save configuration

Via API

PATCH /{account_id}/security/geoblock/{application_id}?area=US

Behavior

  • Only traffic from selected regions will be allowed
  • All other traffic will be blocked with a 403 Forbidden response
  • IP geolocation is performed at the edge for minimal latency
If you select “TOR and Open Proxies” TypeAuth will block traffic from those regions

Security Best Practices

1. WAF Implementation

Always Keep WAF Enabled

  • The WAF is your first line of defense
  • Protects against known vulnerabilities
  • Regular updates with new security rules

Risks of Disabled WAF

  • Exposure to common attack vectors
  • Increased vulnerability to zero-day exploits
  • No protection against automated attacks

2. Geoblocking Strategy

Consider these factors when configuring geoblocking:

  • Your user base location
  • Compliance requirements
  • Business operations regions
  • Known threat origins

3. Monitoring and Alerts

Monitor security events through:

  • TypeAuth Map Hiys
  • Security Event logs
  • Traffic analytics

Implementation Guide

1. Basic Security Setup

POST /api/v1/applications/{application_id}/security/basic
Content-Type: application/json

{
  "waf_enabled": true,
  "geoblocking": {
    "enabled": true,
    "allowed_regions": ["US", "EU"]
  }
}

Response Codes

CodeDescriptionCause
403ForbiddenGeoblocking or WAF rule triggered
429Too Many RequestsRate limit exceeded

Recommendations

  1. Always-On Security

    • Keep WAF enabled
    • Configure appropriate geoblocking
    • Monitor security events

  2. Regular Reviews

    • Check security logs
    • Review blocked traffic
    • Update regional restrictions

  3. Incident Response

    • Monitor security alerts
    • Document security events
    • Update security policies

Limitations

  • Maximum of 10 custom WAF rules per application
  • Geoblocking limited to predefined regions
  • WAF rule updates may take up to 5 minutes to propagate
If you need to a region that is not in the list, please send and email to pablo@typeauth.com

Future Security Features

We are continuously working to enhance our security features. Upcoming additions will include:

  • Custom WAF rules
  • Advanced threat analytics

Need Help?

For security-related questions or assistance, please contact our security team or refer to our detailed security documentation.