WAF – Web Application Firewall

A WAF (Web Application Firewall) is a layer that sits between your web application and the outside world. It monitors and filters the HTTP traffic reaching the application, blocking requests that try to exploit security flaws in the application or that consume its resources excessively.

Advantages of WAF

As mentioned above, a WAF monitors and filters traffic at the application layer: HTTP and HTTPS, including protocols carried over them such as SOAP. It does not fix the underlying flaws in the application, but it can block many of the common attacks against them, for example:

  • Cookie poisoning – by comparing the cookie it sent with the cookie that comes back (typically by signing or encrypting cookies as they leave), so any tampering on the client side is detected.
  • Cross Site Scripting – by matching request contents against signatures of known malicious script patterns.
  • SQL Injection – by checking incoming parameters for SQL keywords and common injection patterns.
  • Session Hijacking
  • Remote File Inclusion
  • and many other known attack classes.
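As an added example (not code from the original page or from any WAF vendor), here is the cookie-tampering check from the first bullet in Python: the WAF appends an HMAC-SHA256 tag to every cookie it sets and verifies the tag when the cookie comes back. The key, cookie names and values are all constructed for the example.

```python
import base64
import hashlib
import hmac

# Constructed secret for the example; a real deployment loads it from a secrets store.
SECRET_KEY = b"example-waf-cookie-key"


def sign_cookie(value: str, key: bytes = SECRET_KEY) -> str:
    """Append an HMAC-SHA256 tag to a cookie value before it is sent to the client."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).digest()
    tag_b64 = base64.urlsafe_b64encode(tag).decode().rstrip("=")
    return f"{value}.{tag_b64}"


def verify_cookie(cookie: str, key: bytes = SECRET_KEY):
    """Return the original value if the returned cookie's tag is valid, else None."""
    value, sep, tag = cookie.rpartition(".")
    if not sep:
        return None  # no tag at all: not a cookie this WAF issued
    expected = sign_cookie(value, key).rpartition(".")[2]
    # Constant-time comparison so the check itself does not leak the tag byte by byte.
    if not hmac.compare_digest(tag, expected):
        return None
    return value


def check_cookies(cookie_header: str, key: bytes = SECRET_KEY) -> dict:
    """Report each cookie in a Cookie request header as 'ok' or 'tampered'."""
    verdicts = {}
    for part in cookie_header.split(";"):
        name, eq, raw = part.strip().partition("=")
        if not eq:
            continue
        verdicts[name] = "ok" if verify_cookie(raw, key) is not None else "tampered"
    return verdicts


if __name__ == "__main__":
    # Constructed scenario: the server set role=user; the client rewrites it to
    # role=admin but cannot produce a matching tag without the key.
    issued = sign_cookie("role=user")
    forged = "role=admin." + issued.rpartition(".")[2]
    print(check_cookies(f"session={issued}; pref={forged}"))
```

Signing only proves integrity; if the cookie carries data the client must not read, it has to be encrypted as well. A WAF that rewrites cookies this way must also strip the tag before forwarding the request upstream, otherwise the application sees a value it did not set.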

How is WAF different from Network Firewall?

A network firewall does not understand application traffic. It operates at layer 3 (network) and layer 4 (transport), filtering on addresses, ports and connection state, and it cannot look inside TLS-encrypted payloads, so it offers no protection against the attacks listed above. A web application firewall, by contrast, terminates or decrypts TLS so that it can inspect requests at layer 7 (application), filtering on URLs, headers, parameters and request bodies, which is what lets it block the flaws listed in the section above. You can find a detailed comparison in an article by Citrix.

[Figure: WAF – example. Source: https://www.secureax.com/specialist-solutions/managed-web-application-firewall/]

A WAF operates in one of three models:

  • Blacklist or negative security model – request contents are compared against signatures of known malicious input and matching traffic is blocked. Anything that does not match a signature is allowed, so new or obfuscated attack variants can slip through.
  • Whitelist or positive security model – only traffic that matches an explicit allowlist (permitted URLs, parameters and value formats) is let through; everything else is blocked. This is stricter, but the allowlist has to be kept in step with every change to the application.
  • Hybrid – a combination of the two.

WAFs come in several forms: a hardware appliance, an inline reverse proxy in front of the web server, or a module/plugin loaded into the web server itself. When a threat is detected, the WAF can either block the request outright or present a challenge to the requester, such as a CAPTCHA. Blocking can be keyed on the URI, the source IP address or the user agent, and a block typically stays in effect for a few minutes to a few hours.
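To make the three security models above and the blocking behaviour just described concrete, here is a small Python filter added for this article (not code from the page or from any vendor product). It carries a handful of constructed negative-model signatures, a positive-model allowlist for two hypothetical routes, a hybrid mode that runs both, and a per-IP block with an expiry. The routes, rules and sample requests are all assumptions for the example; real products ship far larger rule sets and decode many more encodings before matching.

```python
import re
import time
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Negative model: signatures for well-known injection patterns. Constructed for the
# example and deliberately small; they are illustrative, not a production rule set.
NEGATIVE_RULES = [
    ("sqli", re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|--\s*$|;\s*drop\s+table)")),
    ("xss", re.compile(r"(?i)(<\s*script\b|javascript:|\bon[a-z]+\s*=)")),
    ("rfi", re.compile(r"(?i)=\s*(https?|ftp)://")),
]

# Positive model: only these (method, path) routes, parameter names and value shapes
# are allowed. Hypothetical routes for the example.
POSITIVE_ROUTES = {
    ("GET", "/search"): {"q": re.compile(r"^[\w\s\-]{1,64}$")},
    ("GET", "/item"): {"id": re.compile(r"^\d{1,10}$")},
}


class MiniWAF:
    def __init__(self, mode="hybrid", block_seconds=600):
        self.mode = mode              # "negative", "positive" or "hybrid"
        self.block_seconds = block_seconds
        self.blocked = {}             # source IP -> time the block expires

    def _negative(self, path, query):
        """Return the name of the first signature that matches the decoded request."""
        text = unquote_plus(path + "?" + query)   # decode one layer of URL encoding
        for name, rx in NEGATIVE_RULES:
            if rx.search(text):
                return name
        return None

    def _positive(self, method, path, query):
        """Return why the request falls outside the allowlist, or None if it fits."""
        schema = POSITIVE_ROUTES.get((method, path))
        if schema is None:
            return "unknown route"
        for key, value in parse_qsl(query, keep_blank_values=True):
            rx = schema.get(key)
            if rx is None:
                return f"unexpected parameter {key}"
            if not rx.match(value):
                return f"bad value for {key}"
        return None

    def inspect(self, ip, method, url, now=None):
        """Decide ("allow", None) or ("block", reason) for one request."""
        now = time.time() if now is None else now
        expiry = self.blocked.get(ip)
        if expiry is not None and now < expiry:
            return ("block", "ip temporarily blocked")
        parts = urlsplit(url)
        path, query = parts.path, parts.query
        reason = None
        if self.mode in ("negative", "hybrid"):
            hit = self._negative(path, query)
            if hit:
                reason = f"signature:{hit}"
        if reason is None and self.mode in ("positive", "hybrid"):
            miss = self._positive(method, path, query)
            if miss:
                reason = f"allowlist:{miss}"
        if reason:
            # Time-limited block keyed on source IP, as described in the text.
            self.blocked[ip] = now + self.block_seconds
            return ("block", reason)
        return ("allow", None)


if __name__ == "__main__":
    # Constructed sample requests: (source IP, method, URL).
    samples = [
        ("10.0.0.1", "GET", "/search?q=blue+shoes"),
        ("10.0.0.2", "GET", "/item?id=1%27+OR+%271%27%3D%271"),
        ("10.0.0.2", "GET", "/item?id=5"),
        ("10.0.0.3", "GET", "/search?q=hello&debug=1"),
        ("10.0.0.5", "GET", "/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ]
    waf = MiniWAF(mode="hybrid")
    for ip, method, url in samples:
        print(ip, method, url, "->", waf.inspect(ip, method, url))
```

Running the hybrid filter over the constructed samples shows the division of labour: the quoted-OR SQL injection and the script tag are caught by signatures, the `debug` parameter is caught only because the allowlist does not know it, and the second request from 10.0.0.2 is refused purely on the IP block. Set `mode="negative"` and the `debug` request sails through, which is the gap the positive model exists to close.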

Providers:

All the major cloud providers offer a WAF component (AWS, Google, Azure, Rackspace). Apart from the cloud providers, one can also look at the following products/providers:

  • Barracuda
  • Citrix
  • F5
  • Radware


Related Keywords

AWS Web Application Firewall, Google Virtual Web Application Firewall, Azure Web Application Firewall, ADC, Network Firewall