Payrix Web Application Firewall Considerations
Introduction
As part of remaining current with cybersecurity threats, Payrix leverages a Web Application Firewall (“WAF”) that fronts both production and testing environments, such as the Payrix Portal and API. As a result, certain rules may restrict the types of interaction that are possible with the Payrix Platform. The rules detailed below should be taken into account when accessing the Payrix Platform and its resources.
Firewall Rules
OFAC Rules
Below is a list of countries with country-wide IP address blocks that prevent any activity with the Payrix Platform. If you have any users who are located in these countries, they will need to leverage a Virtual Private Network (“VPN”) or equivalent to route their traffic through countries not on this list:
Country | ISO Code (2 letter) | ISO Code (3 letter) |
---|---|---|
Belarus | BY | BLR |
Burundi | BI | BDI |
Central African Republic | CF | CAF |
Cuba | CU | CUB |
Democratic Republic of the Congo | CD | COD |
Iran | IR | IRN |
Iraq | IQ | IRQ |
North Korea | KP | PRK |
Lebanon | LB | LBN |
Libya | LY | LBY |
Mali | ML | MLI |
Myanmar (Burma) | MM | MMR |
Nicaragua | NI | NIC |
Republic of the Congo | CG | COG |
Russia | RU | RUS |
Somalia | SO | SOM |
Sudan | SD | SDN |
Syria | SY | SYR |
Ukraine | UA | UKR |
Venezuela | VE | VEN |
Yemen | YE | YEM |
Zimbabwe | ZW | ZWE |
Rate Limiting
Payrix also deploys certain rate limiting rules to protect certain pages. The following rate limiting rules are in place:
Impacted Page | Request Threshold | Period | Block |
---|---|---|---|
portal.payrix.com/login | 10 | 10 seconds | 30 Minutes |
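The following added example (not Payrix code) replays request timestamps from your own integration or test logs against the login rule above, to check whether a lockout is explained by it. The threshold, period and block duration come from the table; the sliding window, per-client counting, blocking on the first request over the threshold, and the function name are assumptions, since the page does not state them.

```python
from collections import deque

# Values taken from the rate limiting table on this page.
THRESHOLD = 10        # requests
PERIOD = 10           # seconds
BLOCK = 30 * 60       # seconds (30 minutes)


def simulate_login_rule(timestamps, threshold=THRESHOLD, period=PERIOD, block=BLOCK):
    """Replay one client's request times (in seconds) against the login rule.

    Assumed behaviour (not documented on the page): sliding window, block
    starts on the first request over the threshold, and requests sent
    during a block do not extend it.
    Returns (results, blocks): results is a list of (time, status) pairs,
    blocks is a list of (block_start, block_end) intervals.
    """
    window = deque()          # times of counted requests inside the period
    blocked_until = None
    results, blocks = [], []
    for t in sorted(timestamps):
        if blocked_until is not None:
            if t < blocked_until:
                results.append((t, "blocked"))
                continue
            blocked_until = None          # block expired, count afresh
        while window and t - window[0] >= period:
            window.popleft()              # drop requests older than the period
        window.append(t)
        if len(window) > threshold:
            blocked_until = t + block
            blocks.append((t, blocked_until))
            results.append((t, "blocked"))
            window.clear()
        else:
            results.append((t, "allowed"))
    return results, blocks


if __name__ == "__main__":
    # Constructed sample: a test suite logging in every 0.5 s, then two retries.
    burst = [i * 0.5 for i in range(12)] + [1000.0, 1805.0]
    results, blocks = simulate_login_rule(burst)
    for start, end in blocks:
        print(f"blocked from t={start}s until t={end}s")
    print([status for _, status in results])
```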
General Security Rules
Payrix also leverages a set of rules specific to the Payrix operating environment that will block any detected attacks matching known attack patterns published by industry sources such as OWASP. Additionally, there are rules that assess whether requests correlate to attack patterns commonly used by spammers, abusive bots, crawlers, and the like.
Support
Given a continuously evolving cyberthreat environment, Payrix may make firewall configuration changes to adapt to observed threats. Where feasible, Payrix will coordinate any changes with Partners as needed; however, there may be scenarios where a change is deemed necessary without coordination in order to thwart an observed attack. Should you or your users experience any issues accessing the Payrix Platform and believe it to be a WAF issue, you can engage our Support teams here to get in touch with us.