In simple terms, a web app firewall, commonly abbreviated as WAF is a firewall that monitors, filters or blocks the HTTP traffic to and from a web application.
In a little more technical definition, a web app firewall WAF is an appliance, server plug-in, or filter that applies a set of rules to an HTTP conversation. Usually, these rules cover common attacks such as cross-site scripting, abbreviated as XSS and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked forehand. The effort to perform this customization can be significant and needs to be maintained as the application is modified.
In the contemporary world web threats are constantly on the rise, the risks and costs involved to keep websites and data secure have increased. Web app firewall, makes it easy for you to respond to attacks in just seconds while at the same time not slowing down your website.
A web app firewall can be either network-based or host-based and is typically deployed through a proxy and placed in front of one or more web applications. In real time or near-real time, it monitors traffic before it reaches the web application, analyzing all requests using a rule base to filter out potentially harmful traffic or traffic patterns. Web application firewall is a common security control used by companies to protect Web based databases against zero-day exploits, impersonation and known vulnerabilities and attackers.
Web app firewall ceases attacks at the network edge, thereby protecting your website from common web threats and specialized attacks before they get to your servers. It covers both desktop and mobile websites as well as applications.
The Web App Firewall functions by examining HTTP requests to your website. It examines both GET and POST requests and applies rules to help filter out unlawful traffic from legitimate website visitors. It is also your decision to make whether to block, challenge or simulate an attack. With blocking and challenging, some web app firewalls will block any traffic identified as illegal before it reaches your origin web server.
Blocking an attack will stop any action before it is posted to your website. It may also stop legitimate traffic if the rule set is too broadly defined.
Web app firewall helps you to block users from uploading or downloading content or files that are in formats that aren’t supposed to be used by your application. This can be of great importance to you as you are able to limit contamination of your web server and prevent the theft of administrative files like backups, source code, or data that aren’t supposed to be accessed.
Some good examples of Web app firewall are Citrix Systems Inc.’s NetScaler AppFirewall, Fortinet Inc.’s FortiWeb-400C and F5 Networks Inc.’s BIG-IP Application Security Manager.
- Application Firewall
- Firewall Network
- Why Some Data Masking Web Firewalls Fail To Protect The Web Server