Payrix Web Application Firewall Considerations

Introduction

To keep pace with current cybersecurity threats, Payrix uses a Web Application Firewall (“WAF”) in front of both its production and testing environments, including the Payrix Portal and API. The WAF enforces rules that may restrict the types of interaction that are possible with the Payrix Platform. The rules detailed below should be taken into account when accessing the Payrix Platform and its resources.

Firewall Rules

OFAC Rules

Below is a list of countries with country-wide IP address blocks that prevent any activity with the Payrix Platform. If you have any users located in these countries, they will need to use a Virtual Private Network (“VPN”) or equivalent to route their traffic through countries not on this list:

| Country | ISO Code (2 letter) | ISO Code (3 letter) |
|---|---|---|
| Belarus | BY | BLR |
| Burundi | BI | BDI |
| Central African Republic | CF | CAF |
| Cuba | CU | CUB |
| Democratic Republic of the Congo | CD | COD |
| Iran | IR | IRN |
| Iraq | IQ | IRQ |
| North Korea | KP | PRK |
| Lebanon | LB | LBN |
| Libya | LY | LBY |
| Mali | ML | MLI |
| Myanmar (Burma) | MM | MMR |
| Nicaragua | NI | NIC |
| Republic of the Congo | CG | COG |
| Russia | RU | RUS |
| Somalia | SO | SOM |
| Sudan | SD | SDN |
| Syria | SY | SYR |
| Ukraine | UA | UKR |
| Venezuela | VE | VEN |
| Yemen | YE | YEM |
| Zimbabwe | ZW | ZWE |

Rate Limiting

Payrix also applies rate limiting rules to protect certain pages. The following rate limiting rules are in place:

| Impacted Page | Request Threshold | Period | Block |
|---|---|---|---|
| portal.payrix.com/login | 10 | 10 seconds | 30 Minutes |
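
The following is an added example, not Payrix code: it replays login-page request timestamps from your own logs (for instance, from automated UI tests or synthetic monitoring) against the rule above to show when a client would be blocked. The page does not say how requests are counted, so the per-client sliding window and the "exceeds the threshold" trigger are assumptions, and the client names and timestamps are constructed.

```python
from collections import deque

# Values from the rate-limiting table for portal.payrix.com/login.
THRESHOLD = 10          # requests
PERIOD_S = 10           # seconds
BLOCK_S = 30 * 60       # 30 minutes


def simulate_login_limit(events, threshold=THRESHOLD, period=PERIOD_S, block=BLOCK_S):
    """Replay (client, unix_time) login-page requests and return
    {client: [(block_start, block_end), ...]}.

    Assumptions (not stated on the page): requests are counted per client
    over a sliding window, and a block starts when the count within the
    period exceeds the threshold. Requests made during a block are dropped
    and do not extend it.
    """
    windows = {}        # client -> deque of recent request times
    blocked_until = {}  # client -> time the current block ends
    blocks = {}
    for client, ts in sorted(events, key=lambda e: e[1]):
        if ts < blocked_until.get(client, 0):
            continue                      # rejected by the active block
        win = windows.setdefault(client, deque())
        win.append(ts)
        while win and win[0] <= ts - period:
            win.popleft()                 # expire requests outside the window
        if len(win) > threshold:
            blocked_until[client] = ts + block
            blocks.setdefault(client, []).append((ts, ts + block))
            win.clear()
    return blocks


# Constructed sample: a UI test suite loading the login page twice a second,
# and a human user loading it once a minute.
SAMPLE = [("ci-runner", 1000 + i * 0.5) for i in range(40)]
SAMPLE += [("analyst", 1000 + i * 60) for i in range(5)]

if __name__ == "__main__":
    for client, spans in simulate_login_limit(SAMPLE).items():
        for start, end in spans:
            print(f"{client}: blocked from t={start} to t={end}")
```

Under these assumptions, a job that paces itself to one login-page request per second never reaches the block, while the twice-per-second test suite is blocked within about five seconds.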

General Security Rules

Payrix also applies a set of rules specific to the Payrix operating environment that block any detected attacks matching known attack patterns published by industry sources such as OWASP. Additional rules assess whether requests correlate with attack patterns commonly used by spammers, abusive bots, crawlers, and similar sources.

Support

Given a continuously evolving cyberthreat environment, Payrix may make firewall configuration changes to adapt to observed threats. Where feasible, Payrix will coordinate any changes with Partners as needed. However, there may be scenarios where a change is deemed necessary without coordination in order to thwart an observed attack. Should you or your users experience any issues accessing the Payrix Platform and believe it to be a WAF issue, you can engage our Support teams here to get in touch with us.