Web Application Firewall (WAF) - What it Does


A Web Application Firewall (WAF) helps protect web applications by monitoring and filtering HTTP traffic between the Internet and a web application. It protects web applications from attacks such as cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection and file inclusion, among others. A WAF is a layer 7 (application layer) defense; it is not designed to defend against every type of attack. This method of attack mitigation is usually part of a suite of tools which together create a holistic defense against a wide array of attack vectors.

When a WAF is deployed in front of a web application, a shield is placed between the Internet and the web application. A forward proxy uses an intermediary to protect a client machine's identity; a WAF, by contrast, is a type of reverse proxy, which protects the server from exposure by having clients pass through the WAF before their requests reach the server.

A WAF operates on a set of rules, often called policies, which aim to protect against vulnerabilities by filtering out malicious traffic. Part of the value of a WAF comes from the speed and ease with which its policies can be modified, which allows a faster response to changing attack vectors; for example, rate limiting can be put in place quickly by modifying WAF policies in the event of a DDoS attack.

Blacklist and Whitelist WAFs and the differences between them

Think of a blacklist WAF as a club bouncer instructed to deny entry to anyone who fails to follow the rules: it operates on a blacklist of known attack patterns and so protects against known attacks. A whitelist WAF, by contrast, only allows traffic that has been pre-approved. Both blacklists and whitelists have their advantages and drawbacks, which is why many WAFs offer a hybrid security model that implements both.
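The policy mechanics described above (a reverse-proxy filter applying blacklist signatures, a whitelist of pre-approved methods and paths, a hybrid of the two, and per-client rate limiting) can be shown in a small, self-contained Python model. This is an added example, not code from the article or from any WAF product: the `Request` dataclass, the three signature rules, the allowed methods and path prefixes, the rate-limit thresholds and the sample traffic (addresses from the 203.0.113.0/24 documentation range) are all constructed for illustration, and a production rule set is far larger and more carefully tuned.

```python
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from urllib.parse import unquote


# Hypothetical stand-in for the request a reverse-proxy WAF sees before forwarding it.
@dataclass
class Request:
    client_ip: str
    method: str
    path: str
    query: str = ""
    body: str = ""


# Blacklist policy: signatures for known attack patterns (illustrative, not a real rule set).
BLACKLIST_RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.IGNORECASE)),
    ("sqli-tautology", re.compile(r"\b(or|and)\b\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+", re.IGNORECASE)),
    ("lfi-traversal", re.compile(r"\.\./")),
]

# Whitelist policy: only pre-approved methods and path prefixes are let through.
ALLOWED_METHODS = {"GET", "POST"}
ALLOWED_PATH_PREFIXES = ("/api/", "/static/")


class RateLimiter:
    """Sliding-window request counter per client IP; 'now' is injectable for deterministic tests."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)

    def allow(self, client_ip, now=None):
        now = time.monotonic() if now is None else now
        q = self.hits[client_ip]
        while q and now - q[0] >= self.window:
            q.popleft()  # forget timestamps that have slid out of the window
        if len(q) >= self.max_requests:
            return False
        q.append(now)
        return True


def inspect(req, mode, limiter, now=None):
    """Return ('allow' | 'block', reason). mode is 'blacklist', 'whitelist' or 'hybrid'."""
    if not limiter.allow(req.client_ip, now):
        return ("block", "rate-limit")
    if mode in ("whitelist", "hybrid"):
        if req.method not in ALLOWED_METHODS:
            return ("block", "method-not-whitelisted")
        if not req.path.startswith(ALLOWED_PATH_PREFIXES):
            return ("block", "path-not-whitelisted")
    if mode in ("blacklist", "hybrid"):
        # Percent-decode before matching so an encoded payload cannot slip past the signatures.
        fields = [unquote(req.path), unquote(req.query), unquote(req.body)]
        for name, pattern in BLACKLIST_RULES:
            if any(pattern.search(f) for f in fields):
                return ("block", name)
    return ("allow", "ok")


# Constructed sample traffic: one benign request, three textbook attack payloads,
# and two requests that are harmless but not on the whitelist.
SAMPLE_REQUESTS = [
    Request("203.0.113.5", "GET", "/api/items", "id=42"),
    Request("203.0.113.5", "GET", "/api/search", "q=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    Request("203.0.113.9", "POST", "/api/login", body="user=admin' OR '1'='1"),
    Request("203.0.113.9", "GET", "/api/file", "name=../../etc/passwd"),
    Request("203.0.113.7", "DELETE", "/api/items/1"),
    Request("203.0.113.7", "GET", "/admin/"),
]


def run_policy(mode):
    """Evaluate the sample traffic under one policy mode; returns the reason for each decision."""
    limiter = RateLimiter(max_requests=5, window_seconds=10)
    return [inspect(r, mode, limiter, now=0.0)[1] for r in SAMPLE_REQUESTS]


def rate_limit_burst():
    """Three requests per 10 s from one IP: the fourth is blocked, and once the window slides it is allowed again."""
    limiter = RateLimiter(max_requests=3, window_seconds=10)
    return [limiter.allow("203.0.113.5", now=t) for t in (0, 1, 2, 3, 11)]


if __name__ == "__main__":
    for policy_mode in ("blacklist", "whitelist", "hybrid"):
        print(policy_mode, run_policy(policy_mode))
    print("burst", rate_limit_burst())
```

Running the three modes side by side makes the trade-off concrete: the blacklist catches the three payloads but waves through the unapproved `DELETE` and the `/admin/` path, the whitelist does the opposite because it never looks inside an approved request, and only the hybrid blocks all five. The rate limiter is the policy knob the text mentions for DDoS: tightening `max_requests` is a one-line change rather than a redeploy.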

What are network-based, host-based, and cloud-based WAFs?

A WAF can be implemented in one of three different ways, each with its own benefits and shortcomings:

A network-based WAF is generally hardware-based. Since it is installed locally it minimizes latency, but network-based WAFs are the most expensive option and also require the storage and maintenance of physical equipment.

A host-based WAF may be fully integrated into an application's software. This solution is less expensive than a network-based WAF and offers more customizability. The downsides of a host-based WAF are the consumption of local server resources, implementation complexity and maintenance costs; these typically require engineering time and may be costly.

Cloud-based WAFs offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a DNS change to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a solution that is consistently updated to protect against the newest threats without any additional work or cost on the user's end. The drawback of a cloud-based WAF is that users hand over responsibility to a third party, so some features of the WAF may be a black box to them.


Julia Sowells

Julia Sowells has been a technology and security professional for a decade. In that time she has worked on dozens of large-scale enterprise security projects, written technical articles and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as security consultant while continuing to write for Hacker Combat in her limited spare time.

