{"id":3334,"date":"2025-12-15T13:38:35","date_gmt":"2025-12-15T10:38:35","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/web-uygulama-guvenlik-duvari-waf-nedir-cloudflare-waf-ve-modsecurity-ile-web-sitesi-koruma-rehberi\/"},"modified":"2025-12-15T13:38:35","modified_gmt":"2025-12-15T10:38:35","slug":"web-uygulama-guvenlik-duvari-waf-nedir-cloudflare-waf-ve-modsecurity-ile-web-sitesi-koruma-rehberi","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/web-uygulama-guvenlik-duvari-waf-nedir-cloudflare-waf-ve-modsecurity-ile-web-sitesi-koruma-rehberi\/","title":{"rendered":"What Is a Web Application Firewall (WAF)? A Guide to Protecting Your Website with Cloudflare WAF and ModSecurity"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><p>Whether your website is a small corporate brochure page or a high-traffic e-commerce or SaaS application, they all now face the same shared risk: automated and targeted attacks against web applications running over HTTP. The picture we see most often during security audits is this: the server has a basic firewall, an up-to-date operating system and SSL\/TLS, but there is no <strong>Web Application Firewall (WAF)<\/strong> filtering the application layer. 
As a result, attacks such as SQL injection, XSS, brute force, spam bots and L7 DDoS hit the application directly.<\/p>\n<p>In this guide we explain the WAF concept in plain terms: <strong>what a WAF is, what it solves and what it does not<\/strong>; what you can do at the network perimeter with Cloudflare WAF; which additional protections you can set up on the server side with ModSecurity; and how to combine the two into a layered defense architecture on DCHost infrastructure, step by step.<\/p>\n<div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Web_Uygulama_Guvenlik_Duvari_WAF_Nedir\"><span class=\"toc_number toc_depth_1\">1<\/span> What Is a Web Application Firewall (WAF)?<\/a><ul><li><a href=\"#Geleneksel_guvenlik_duvarindan_farki\"><span class=\"toc_number toc_depth_2\">1.1<\/span> How it differs from a traditional firewall<\/a><\/li><li><a href=\"#WAF_hangi_saldiri_turlerini_engeller\"><span class=\"toc_number toc_depth_2\">1.2<\/span> Which attack types does a WAF block?<\/a><\/li><\/ul><\/li><li><a href=\"#WAF_Neden_Bu_Kadar_Kritik_Hale_Geldi\"><span class=\"toc_number toc_depth_1\">2<\/span> Why Has the WAF Become So Critical?<\/a><\/li><li><a href=\"#Cloudflare_WAF_ile_Perimetre_Guvenligi\"><span class=\"toc_number toc_depth_1\">3<\/span> Perimeter Security with Cloudflare WAF<\/a><ul><li><a href=\"#Cloudflare_mimarisinde_WAF_nereye_oturur\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Where does the WAF sit in the Cloudflare architecture?<\/a><\/li><li><a href=\"#Managed_kurallar_ve_OWASP_Top_10_korumasi\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Managed rules and OWASP Top 10 protection<\/a><\/li><li><a 
href=\"#Ozel_Cloudflare_WAF_kurallari_olusturma\"><span class=\"toc_number toc_depth_2\">3.3<\/span> Creating custom Cloudflare WAF rules<\/a><\/li><li><a href=\"#Oran_sinirlama_Rate_Limiting_ve_L7_DDoS_savunmasi\"><span class=\"toc_number toc_depth_2\">3.4<\/span> Rate limiting and L7 DDoS defense<\/a><\/li><li><a href=\"#WordPress_ve_PHP_siteler_icin_pratik_Cloudflare_WAF_ayarlari\"><span class=\"toc_number toc_depth_2\">3.5<\/span> Practical Cloudflare WAF settings for WordPress and PHP sites<\/a><\/li><\/ul><\/li><li><a href=\"#Sunucu_Tarafinda_WAF_ModSecurity\"><span class=\"toc_number toc_depth_1\">4<\/span> Server-Side WAF: ModSecurity<\/a><ul><li><a href=\"#ModSecurity_nedir_nasil_calisir\"><span class=\"toc_number toc_depth_2\">4.1<\/span> What is ModSecurity and how does it work?<\/a><\/li><li><a href=\"#OWASP_Core_Rule_Set_CRS_ile_standart_koruma\"><span class=\"toc_number toc_depth_2\">4.2<\/span> Standard protection with the OWASP Core Rule Set (CRS)<\/a><\/li><li><a href=\"#Yanlis_pozitiflerle_basa_cikma_ve_tuning_sureci\"><span class=\"toc_number toc_depth_2\">4.3<\/span> Dealing with false positives and the tuning process<\/a><\/li><li><a href=\"#Performans_etkisi_ve_olceklendirme\"><span class=\"toc_number toc_depth_2\">4.4<\/span> Performance impact and scaling<\/a><\/li><\/ul><\/li><li><a href=\"#Cloudflare_WAF_ve_ModSecurityyi_Birlikte_Kullanmak\"><span class=\"toc_number toc_depth_1\">5<\/span> Using Cloudflare WAF and ModSecurity Together<\/a><ul><li><a href=\"#Katmanli_savunma_mimarisi_ornegi\"><span class=\"toc_number toc_depth_2\">5.1<\/span> An example layered defense architecture<\/a><\/li><li><a href=\"#Loglama_ve_olay_takibi\"><span class=\"toc_number toc_depth_2\">5.2<\/span> Logging and incident tracking<\/a><\/li><\/ul><\/li><li><a href=\"#DCHost_Uzerinde_WAF_Stratejisi_Nasil_Kurulur\"><span 
class=\"toc_number toc_depth_1\">6<\/span> How to Build a WAF Strategy on DCHost<\/a><ul><li><a href=\"#Paylasimli_hosting_kullananlar_icin\"><span class=\"toc_number toc_depth_2\">6.1<\/span> For shared hosting users<\/a><\/li><li><a href=\"#VPS_ve_dedicated_sunucu_kullananlar_icin\"><span class=\"toc_number toc_depth_2\">6.2<\/span> For VPS and dedicated server users<\/a><\/li><li><a href=\"#WAF_SSLTLS_ve_HTTP_guvenlik_basliklari_birlikte_dusunulmeli\"><span class=\"toc_number toc_depth_2\">6.3<\/span> WAF, SSL\/TLS and HTTP security headers should be considered together<\/a><\/li><\/ul><\/li><li><a href=\"#Sonuc_WAF_Bir_Luks_Degil_Altyapinin_Temel_Parcasi\"><span class=\"toc_number toc_depth_1\">7<\/span> Conclusion: A WAF Is Not a Luxury but a Core Part of the Infrastructure<\/a><\/li><\/ul><\/div>\n<h2><span id=\"Web_Uygulama_Guvenlik_Duvari_WAF_Nedir\">What Is a Web Application Firewall (WAF)?<\/span><\/h2>\n<p>A Web Application Firewall, or <strong>WAF<\/strong> for short, is a security layer that inspects HTTP\/HTTPS traffic and blocks malicious requests before they reach your application. Traditional firewalls generally decide at the level of <strong>IP, port and protocol<\/strong>, whereas a WAF looks at <strong>application-layer (Layer 7)<\/strong> details such as the URL, parameters, headers, cookies and body content. 
For example, when an attacker sends a request such as <code>\/product?id=1;DROP TABLE users<\/code>, a classic firewall sees the request but does not know what it means; a WAF can recognize it as a SQL injection attempt and block it.<\/p>\n<h3><span id=\"Geleneksel_guvenlik_duvarindan_farki\">How it differs from a traditional firewall<\/span><\/h3>\n<ul>\n<li><strong>Focus:<\/strong> A firewall protects the network and ports; a WAF protects the application and its HTTP requests.<\/li>\n<li><strong>Level of detail:<\/strong> A firewall works on IP and port, while a WAF looks at details such as parameters, cookies, path and user-agent.<\/li>\n<li><strong>Rule set:<\/strong> Firewall rules are mostly static, whereas modern WAFs can work with behavioral analysis, signature-based protection and learning rules.<\/li>\n<li><strong>Placement:<\/strong> A firewall usually sits at the network edge; a WAF is positioned on a reverse proxy (such as Cloudflare) or on the web server (such as ModSecurity).<\/li>\n<\/ul>\n<h3><span id=\"WAF_hangi_saldiri_turlerini_engeller\">Which attack types does a WAF block?<\/span><\/h3>\n<p>A correctly configured WAF provides serious protection against most of the critical vulnerabilities listed in the OWASP Top 10:<\/p>\n<ul>\n<li><strong>SQL Injection:<\/strong> Injecting malicious queries into the database through URL parameters or form fields.<\/li>\n<li><strong>Cross-Site Scripting (XSS):<\/strong> Injecting malicious JavaScript into the site so that it runs in the visitor\u2019s browser.<\/li>\n<li><strong>Remote File Inclusion \/ Local File Inclusion (RFI\/LFI):<\/strong> The application including external or local files 
without proper control.<\/li>\n<li><strong>Command injection (RCE):<\/strong> Attempts to execute commands on the server.<\/li>\n<li><strong>Brute force and credential stuffing:<\/strong> Large numbers of username\/password attempts against login forms.<\/li>\n<li><strong>L7 DDoS:<\/strong> HTTP-level attacks that try to exhaust the application by sending hundreds of requests per second to the same endpoint.<\/li>\n<li><strong>Spam bots and form abuse:<\/strong> Automated spam flows through contact forms, comment fields and search boxes.<\/li>\n<\/ul>\n<h2><span id=\"WAF_Neden_Bu_Kadar_Kritik_Hale_Geldi\">Why Has the WAF Become So Critical?<\/span><\/h2>\n<p>Today\u2019s web applications are complex systems built on frameworks such as WordPress, Laravel and Node.js, with many plugins and integrations. Every plugin and every API integration carries its own vulnerability risk. Even if we assume you developed your application completely free of bugs, you still need to protect yourself against flaws coming from third-party components.<\/p>\n<p>Especially for e-commerce sites that take payments and systems that process personal data, a WAF has become not just a technical choice but a security control that is expected under <strong>regulations such as KVKK \/ GDPR and PCI-DSS<\/strong>. 
At this point, if you want to examine the payment-side requirements in more depth, see <a href=\"https:\/\/www.dchost.com\/blog\/e-ticarette-pci-dssi-dert-etmeden-nasil-uyumlu-kalirsin-hosting-tarafinda-gercekten-ne-yapmak-gerekir\/\">our guide on how PCI-DSS compliant WooCommerce and e-commerce hosting environments can be set up<\/a>.<\/p>\n<h2><span id=\"Cloudflare_WAF_ile_Perimetre_Guvenligi\">Perimeter Security with Cloudflare WAF<\/span><\/h2>\n<p><strong>Cloudflare WAF<\/strong> works as a reverse proxy that routes traffic to its own network at the DNS level. Your visitors actually connect to Cloudflare edge servers first; there the WAF, DDoS, bot filtering and CDN layers come into play, and then the cleaned traffic is forwarded to your actual origin server (for example your <a href=\"https:\/\/www.dchost.com\/tr\/vps\">VPS<\/a> or <a href=\"https:\/\/www.dchost.com\/tr\/fiziksel-sunucu\">dedicated server<\/a> on DCHost).<\/p>\n<h3><span id=\"Cloudflare_mimarisinde_WAF_nereye_oturur\">Where does the WAF sit in the Cloudflare architecture?<\/span><\/h3>\n<p>When you use Cloudflare, you usually point your domain\u2019s nameservers to Cloudflare. We also recommend reading <a href=\"https:\/\/www.dchost.com\/blog\/cloudflare-dns-mi-hosting-dnsi-mi-en-dogru-nameserver-stratejisi\/\">our article on the question of Cloudflare DNS versus hosting DNS<\/a>, where we detail this architecture and the DNS options on the hosting side. 
Once this setup is in place:<\/p>\n<ul>\n<li>DNS resolution leads the user to Cloudflare IP addresses.<\/li>\n<li>The HTTP(S) request arrives at the Cloudflare edge, where the WAF, rate limiting, bot protection and cache come into play.<\/li>\n<li>Cloudflare forwards the clean, optimized traffic to your origin server.<\/li>\n<\/ul>\n<p>This way the WAF stops attacks <strong>at the edge of the network, before they reach the server<\/strong>. That is a serious advantage for both security and resource consumption.<\/p>\n<h3><span id=\"Managed_kurallar_ve_OWASP_Top_10_korumasi\">Managed rules and OWASP Top 10 protection<\/span><\/h3>\n<p>Cloudflare WAF provides <strong>ready-made rule sets (Managed Rules)<\/strong> that work out of the box in most scenarios. These rule sets are updated regularly based on the OWASP Top 10 vulnerabilities. You only decide which rule groups to enable and at what sensitivity level.<\/p>\n<p>For example:<\/p>\n<ul>\n<li>With the general OWASP rule set you can filter attacks such as SQL injection, XSS and RFI\/LFI.<\/li>\n<li>By enabling rule sets specific to WordPress or other popular CMSs, you can add an extra layer against known exploits.<\/li>\n<li>You can turn on rules that target known bots and suspicious user-agents.<\/li>\n<\/ul>\n<h3><span id=\"Ozel_Cloudflare_WAF_kurallari_olusturma\">Creating custom Cloudflare WAF rules<\/span><\/h3>\n<p>In the real world, relying only on ready-made rules is often not enough. The strength of Cloudflare WAF comes from its <strong>flexible rule engine<\/strong>. 
You can write custom rules based on the following criteria:<\/p>\n<ul>\n<li><strong>URL path:<\/strong> For example, writing a rule only for <code>\/wp-login.php<\/code> or <code>\/xmlrpc.php<\/code>.<\/li>\n<li><strong>HTTP method:<\/strong> Applying stricter inspection only to POST requests.<\/li>\n<li><strong>Country \/ ASN:<\/strong> Showing a CAPTCHA to requests from certain countries, or blocking them entirely.<\/li>\n<li><strong>Header \/ cookie:<\/strong> Blocking requests that do not carry a specific token.<\/li>\n<li><strong>IP \/ IP range:<\/strong> Putting your corporate office IP on the allowlist and requiring extra verification from everyone else.<\/li>\n<\/ul>\n<p>For example, you can set up the following strategy for your WordPress login page:<\/p>\n<ul>\n<li>Require a CAPTCHA for IPs that make more than 5 requests per minute to the <code>\/wp-login.php<\/code> path.<\/li>\n<li>Block all <code>\/wp-admin<\/code> requests that come from outside a specific country.<\/li>\n<li>Lower the IP\u2019s trust score as login attempts fail, and block it entirely once a threshold is exceeded.<\/li>\n<\/ul>\n<p>We strongly recommend our <a href=\"https:\/\/www.dchost.com\/blog\/cloudflare-waf-kurallari-ve-oran-sinirlama-ile-wordpressi-botlardan-nasil-korursun\/\">guide to Cloudflare WAF rules and rate limiting<\/a>, which covers this topic in more depth for WordPress specifically.<\/p>\n<h3><span id=\"Oran_sinirlama_Rate_Limiting_ve_L7_DDoS_savunmasi\">Rate limiting and L7 DDoS defense<\/span><\/h3>\n<p>One of Cloudflare\u2019s most powerful features is <strong>Rate Limiting<\/strong> and automatic L7 DDoS 
protection. A simple example:<\/p>\n<ul>\n<li>If the same IP address sends more than 60 requests to the same endpoint within 1 minute, block that IP for 10 minutes.<\/li>\n<li>Or, instead of blocking outright when the limit is exceeded, show the visitor a JavaScript challenge or a CAPTCHA.<\/li>\n<\/ul>\n<p>This lets you manage both brute-force attacks and heavy bot traffic purely at the edge, without touching your application code.<\/p>\n<h3><span id=\"WordPress_ve_PHP_siteler_icin_pratik_Cloudflare_WAF_ayarlari\">Practical Cloudflare WAF settings for WordPress and PHP sites<\/span><\/h3>\n<p>These are some of the practical Cloudflare WAF settings we apply most often to the WordPress and PHP-based sites we host at DCHost:<\/p>\n<ul>\n<li><strong>Login page protection:<\/strong> Rate limiting plus country\/IP-based restriction for <code>\/wp-login.php<\/code> and <code>\/wp-admin<\/code>.<\/li>\n<li><strong>Disabling or restricting XML-RPC:<\/strong> This endpoint is the target of most brute-force and DDoS attacks. 
Blocking it when it is not used, and applying a strict limit when it is needed, is good practice.<\/li>\n<li><strong>Admin IP allowlist:<\/strong> Allowing access to the admin panel only from your office IPs, with a challenge or block for everyone else.<\/li>\n<li><strong>Bot management:<\/strong> Putting known search engine bots on the allowlist and meeting unknown browser agents with stricter rules.<\/li>\n<\/ul>\n<p>Cloudflare WAF stands out by providing <strong>a central security shield<\/strong> without extra development per application, especially in scenarios where you host multiple sites on <a href=\"https:\/\/www.dchost.com\/tr\/web-hosting\">shared hosting<\/a> or on a single VPS.<\/p>\n<h2><span id=\"Sunucu_Tarafinda_WAF_ModSecurity\">Server-Side WAF: ModSecurity<\/span><\/h2>\n<p>Edge-based solutions such as Cloudflare are great for filtering traffic at the perimeter, but in some cases you also need <strong>a WAF layer that runs inside the server, very close to the application<\/strong>. This is where <strong>ModSecurity<\/strong> comes in.<\/p>\n<h3><span id=\"ModSecurity_nedir_nasil_calisir\">What is ModSecurity and how does it work?<\/span><\/h3>\n<p>ModSecurity is <strong>an open-source WAF engine<\/strong> that integrates with Apache, Nginx and some other web servers. Because traffic arrives directly at your web server, ModSecurity can inspect requests at the level of:<\/p>\n<ul>\n<li>URL path<\/li>\n<li>Query string<\/li>\n<li>Headers and cookies<\/li>\n<li>POST body and file uploads<\/li>\n<\/ul>\n<p>
Based on the rules you define, it can accept, block or log a request, or only raise a warning.<\/p>\n<h3><span id=\"OWASP_Core_Rule_Set_CRS_ile_standart_koruma\">Standard protection with the OWASP Core Rule Set (CRS)<\/span><\/h3>\n<p>ModSecurity\u2019s greatest strength emerges when it is used together with the <strong>OWASP Core Rule Set (CRS)<\/strong>. CRS is a comprehensive, OWASP Top 10 focused rule set that is continuously updated by the security community. With CRS:<\/p>\n<ul>\n<li>You get a broad signature base against classic web attacks such as SQLi, XSS, RFI\/LFI and RCE.<\/li>\n<li>You filter based on known exploit patterns and suspicious request behavior.<\/li>\n<li>Through updates, you also gain protection against newly emerging attack techniques.<\/li>\n<\/ul>\n<p>Be sure to read our <a href=\"https:\/\/www.dchost.com\/blog\/modsecurity-ve-owasp-crs-ile-wafi-uysallastirmak-yanlis-pozitifleri-nasil-ehlilestirir-performansi-ne-zaman-ucururuz\/\">ModSecurity and OWASP CRS guide<\/a>, where we explain in detail how to tame ModSecurity and OWASP CRS in practice and how to reduce false positives; in this article we focus more on overall strategy.<\/p>\n<h3><span id=\"Yanlis_pozitiflerle_basa_cikma_ve_tuning_sureci\">Dealing with false positives and the tuning process<\/span><\/h3>\n<p>One of the problems we encounter most often on the WAF side is <strong>false positives<\/strong>: requests that are actually harmless being detected 
as attacks and blocked. Especially when you enable CRS at high sensitivity, admin panels, API requests or some search queries can be blocked by mistake.<\/p>\n<p>A practical tuning process usually works like this:<\/p>\n<ol>\n<li><strong>First run in \u201cDetection Only\u201d mode:<\/strong> Requests are not blocked, only logged.<\/li>\n<li><strong>Analyze the logs:<\/strong> Separate real attacks from false positives.<\/li>\n<li><strong>Write whitelist\/exception rules:<\/strong> Define exception rules for specific endpoints or parameters.<\/li>\n<li><strong>Then switch to \u201cBlocking\u201d mode:<\/strong> With the refined rule set, only real attacks are blocked.<\/li>\n<\/ol>\n<p>It is important to treat this process not as a one-off task but as <strong>a continuous improvement cycle<\/strong>. As your application evolves and new endpoints and features arrive, the WAF side needs to be updated as well.<\/p>\n<h3><span id=\"Performans_etkisi_ve_olceklendirme\">Performance impact and scaling<\/span><\/h3>\n<p>Because ModSecurity analyzes every request in detail, it naturally consumes some CPU and memory. 
In summary, from what we have observed at DCHost:<\/p>\n<ul>\n<li>On simple sites, a properly tuned ModSecurity rule set does not cause a noticeable slowdown.<\/li>\n<li>On high-traffic applications, it is very important to disable unnecessary heavy rules and keep only the rule sets you need enabled.<\/li>\n<li>In shared hosting scenarios where server resources are limited, the ModSecurity rule set needs to be kept more conservative. For these environments you can find practical recommendations in <a href=\"https:\/\/www.dchost.com\/blog\/paylasimli-hostingde-wordpress-guvenligi-eklentiler-waf-2fa-ve-yedekler\/\">our guide to WordPress security on shared hosting<\/a>.<\/li>\n<\/ul>\n<h2><span id=\"Cloudflare_WAF_ve_ModSecurityyi_Birlikte_Kullanmak\">Using Cloudflare WAF and ModSecurity Together<\/span><\/h2>\n<p>The soundest approach in security is <strong>not to look for a single silver bullet<\/strong>. 
By using Cloudflare WAF and ModSecurity together, you can build a layered defense both at the perimeter and on the server side.<\/p>\n<h3><span id=\"Katmanli_savunma_mimarisi_ornegi\">An example layered defense architecture<\/span><\/h3>\n<p>The architecture we frequently recommend on DCHost is as follows:<\/p>\n<ol>\n<li><strong>DNS and edge layer:<\/strong> Point your domain to Cloudflare and enable the Cloudflare WAF + DDoS + Rate Limiting + Bot Management layers.<\/li>\n<li><strong>Origin server:<\/strong> Use a VPS or dedicated server on DCHost, running Apache\/Nginx + ModSecurity + OWASP CRS.<\/li>\n<li><strong>Server firewall and additional protections:<\/strong> Enable host-level measures such as nftables\/iptables, Fail2ban and SSH hardening.<\/li>\n<\/ol>\n<p>In this approach:<\/p>\n<ul>\n<li>Cloudflare WAF cuts off crude L7 attacks, DDoS and most bot traffic at the edge.<\/li>\n<li>ModSecurity filters, at the application level, the more targeted or sophisticated attacks that slip through Cloudflare.<\/li>\n<li>The server firewall and tools such as Fail2ban protect other services such as SSH, SMTP and FTP.<\/li>\n<\/ul>\n<p>Also make time for <a href=\"https:\/\/www.dchost.com\/blog\/waf-ve-bot-korumasi-cloudflare-modsecurity-ve-fail2bani-ayni-masada-baristirmanin-sicacik-hikayesi\/\">our article on getting Cloudflare, ModSecurity and Fail2ban to sit at the same table<\/a>, where we explain in a more narrative and in-depth way how WAF and bot protection can be orchestrated together.<\/p>\n<h3><span id=\"Loglama_ve_olay_takibi\">Logging and incident tracking<\/span><\/h3>\n<p>Setting up the WAF is half the job; 
<strong>monitoring what it does<\/strong> is the other half. Otherwise you cannot tell real attacks from false positives and cannot improve your rule set. The practices we recommend:<\/p>\n<ul>\n<li>Review firewall events on the Cloudflare side regularly; look at the rules that trigger most often.<\/li>\n<li>Collect ModSecurity logs in a central logging system (for example Loki, ELK, etc.).<\/li>\n<li>If specific rule IDs trigger very frequently, analyze whether they are really attacks or normal traffic.<\/li>\n<li>Define alert rules that warn you about abnormal spikes.<\/li>\n<\/ul>\n<p>If you are wondering how to centralize log management across multiple servers, be sure to read <a href=\"https:\/\/www.dchost.com\/blog\/birden-fazla-sunucuda-log-yonetimi-elk-ve-loki-stack-ile-merkezi-hosting-loglama\/\">our guide to centralized logging with the ELK and Loki stacks<\/a>.<\/p>\n<h2><span id=\"DCHost_Uzerinde_WAF_Stratejisi_Nasil_Kurulur\">How to Build a WAF Strategy on DCHost<\/span><\/h2>\n<p>Every project has different needs. 
However, we can draw up a general roadmap based on the most common scenarios we see at DCHost.<\/p>\n<h3><span id=\"Paylasimli_hosting_kullananlar_icin\">For shared hosting users<\/span><\/h3>\n<ul>\n<li>Starting with Cloudflare\u2019s free plan and enabling basic WAF and DDoS protection is a good first step for most simple sites.<\/li>\n<li>On the hosting side, enable the ModSecurity or basic WAF options offered in your panel; instead of turning off the default rule sets, define exceptions as you see false positives.<\/li>\n<li>On CMSs such as WordPress and Joomla, use security plugins only as an additional layer, without letting them conflict with the WAF.<\/li>\n<\/ul>\n<h3><span id=\"VPS_ve_dedicated_sunucu_kullananlar_icin\">For VPS and dedicated server users<\/span><\/h3>\n<p>For setups that receive higher traffic, process critical data or host custom-built applications, our recommendation is:<\/p>\n<ul>\n<li>Put your VPS or dedicated server on DCHost behind <strong>Cloudflare WAF<\/strong>.<\/li>\n<li>Install <strong>ModSecurity + OWASP CRS<\/strong> on the server side, run it in Detection Only mode first and analyze the logs.<\/li>\n<li>Apply IP restriction and 2FA for SSH, panel logins and other management interfaces.<\/li>\n<li>Cut off brute-force attempts and port scans early with host-level security tools such as nftables\/iptables and Fail2ban.<\/li>\n<\/ul>\n<p>If you want to approach VPS security holistically, <a 
href=\"https:\/\/www.dchost.com\/blog\/vps-sunucu-guvenligi-nasil-saglanir-kapiyi-acik-birakmadan-yasamanin-sirri\/\">our VPS server security guide<\/a> covers in detail the practical ways to live without leaving the door open.<\/p>\n<h3><span id=\"WAF_SSLTLS_ve_HTTP_guvenlik_basliklari_birlikte_dusunulmeli\">WAF, SSL\/TLS and HTTP security headers should be considered together<\/span><\/h3>\n<p>A WAF is not enough on its own; it must be backed by <strong>a strong SSL\/TLS configuration and the right HTTP security headers<\/strong>:<\/p>\n<ul>\n<li><strong>SSL\/TLS:<\/strong> Modern protocols (TLS 1.2\/1.3), strong cipher suites and proper certificate management. On this topic, <a href=\"https:\/\/www.dchost.com\/blog\/ssl-tls-guvenlik-guncellemeleri-modern-https-icin-net-yol-haritasi\/\">our article with a clear roadmap for modern HTTPS<\/a> gives you a good framework.<\/li>\n<li><strong>HTTP Security Headers:<\/strong> Creating additional protection layers on the browser side with headers such as HSTS, CSP, X-Frame-Options and Referrer-Policy. 
For that, you can review <a href=\"https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-hsts-csp-x-frame-options-ve-referrer-policy-dogru-nasil-kurulur\/\">our HTTP security headers guide<\/a>.<\/li>\n<\/ul>\n<h2><span id=\"Sonuc_WAF_Bir_Luks_Degil_Altyapinin_Temel_Parcasi\">Conclusion: A WAF Is Not a Luxury but a Core Part of the Infrastructure<\/span><\/h2>\n<p>Attacks against web applications are no longer \u201ca big-brand problem\u201d; they are on everyone\u2019s agenda, from the smallest personal blog to a newly opened e-commerce site. Automated scanners and botnets probe every exposed target they find on the internet, without exception. In such a landscape, not using a <strong>Web Application Firewall (WAF)<\/strong> is almost the same as leaving your house without locking the door.<\/p>\n<p>When you build a layered defense with Cloudflare WAF at the network edge and ModSecurity inside the server, on top of the secure VPS and dedicated infrastructure DCHost provides, you can reduce your risk dramatically. 
Of course no system is one hundred percent secure, but together with a WAF, SSL\/TLS, security headers, regular backups and log monitoring it is possible to reach <strong>a reasonable and sustainable level of security<\/strong>.<\/p>\n<p>If you have questions about how to position a WAF strategy in your infrastructure, how to use Cloudflare WAF and ModSecurity together, or how to choose the most suitable architecture for your project on DCHost, do not hesitate to contact our team. If you like, we can analyze your current site together, map out the risks and build a realistic security roadmap tailored to you.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Whether your website is a small corporate brochure page or a high-traffic e-commerce or SaaS application, they all now face the same shared risk: automated and targeted attacks against web applications running over HTTP. 
The picture we see most often during security audits is this: the server has a basic firewall, an up-to-date operating system and SSL\/TLS [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":3335,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-3334","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3334","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=3334"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/3334\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/3335"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=3334"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=3334"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=3334"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}