A web application firewall is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a web service.
A WAF (web application firewall) is a filter that protects against HTTP application attacks. It inspects HTTP traffic before it reaches your application and protects your server by filtering out threats that could damage your site functionality or compromise data.
A WAF, or Web Application Firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from cross-site request forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a layer seven (application layer) defence in the OSI model and is not designed to defend against all types of attacks. This method of attack mitigation is usually one part of a suite of tools that together create a holistic defence against a range of attack vectors.
A web application firewall (WAF) protects web applications from various application-layer attacks such as cross-site scripting (XSS), SQL injection, and cookie poisoning, among others. Attacks on applications are the leading cause of breaches; they are the gateway to your valuable data. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.
By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. While a proxy server protects a client machine’s identity by acting as an intermediary, a WAF is a type of reverse proxy: it protects the server from exposure by having clients pass through the WAF before reaching the server.
A WAF operates through a set of rules often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. The value of a WAF comes in part from the speed and ease with which policy modification can be implemented, allowing for faster response to varying attack vectors; during a DDoS attack, rate limiting can be quickly implemented by modifying WAF policies.
As companies and users increasingly rely on web applications, such as web-based email or e-commerce functionality, application-layer attacks pose a greater risk to productivity and security. Therefore, a WAF is crucial to protect against rapidly emerging web security threats.
How does a WAF work?
A web application firewall is deployed in front of web applications and analyzes bi-directional web-based (HTTP) traffic – inspecting both GET and POST requests – detecting and blocking anything malicious.
Unlike a conventional network firewall, which acts as a gate between networks at the network and transport layers, a WAF is an application-layer security control located between a web client and a web server.
The most frequent malicious attacks are usually automated. These threats are difficult to detect because they are often designed to mimic human traffic.
A WAF performs a deep inspection of every request and response for all common forms of web traffic. This inspection helps the WAF to identify and block threats, preventing them from reaching the server.
A WAF protects your web apps by filtering, monitoring, and blocking malicious HTTP/S traffic travelling to the web application and by preventing unauthorized data from leaving the app. It does this by applying policies that determine which traffic is malicious and which is safe. Just as a proxy server acts as an intermediary to protect a client’s identity, a WAF operates in reverse (hence the name reverse proxy), acting as an intermediary that protects the web app server from a potentially malicious client.
WAFs can come in the form of software, an appliance, or delivered as-a-service. Policies can be customized to meet the unique needs of your web application or set of web applications. Although many WAFs require you to update the policies regularly to address new vulnerabilities, advances in machine learning enable some WAFs to update automatically. This automation is becoming more critical as the threat landscape continues to grow in complexity and ambiguity.
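To make the policy-driven inspection described above concrete, here is a small added example (not code from the original article or from any vendor named on the page) of a reverse-proxy-style rule engine: it inspects GET and POST parameters against signature rules and applies a per-client rate limit, with the whole policy held as plain data so a rule can be tightened quickly. The `Request` class, the rule names and the sample patterns are constructed for illustration.

```python
import re
import time
from collections import defaultdict
from dataclasses import dataclass, field
from urllib.parse import parse_qs, unquote_plus

# The policy is plain data, so a rule (e.g. a tighter rate limit during a DDoS)
# can be changed without redeploying the application behind the WAF.
POLICY = {
    "signatures": [  # (rule name, pattern matched against each decoded parameter value)
        ("sqli", re.compile(r"(?i)(\bunion\b.*\bselect\b|'\s*or\s+'?\d|--\s*$|;\s*drop\b)")),
        ("xss", re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)")),
    ],
    "rate_limit": {"window_seconds": 10, "max_requests": 5},
}

@dataclass
class Request:  # constructed: only the fields of an HTTP request the WAF needs
    client_ip: str
    method: str
    path: str
    query: str = ""
    body: str = ""

@dataclass
class Waf:
    policy: dict
    hits: dict = field(default_factory=lambda: defaultdict(list))  # timestamps per client IP

    def _param_values(self, req):
        # Inspect both GET (query string) and POST (form body) parameters.
        # Values are decoded a second time so a double-encoded payload is not missed.
        for raw in (req.query, req.body):
            for values in parse_qs(raw, keep_blank_values=True).values():
                for v in values:
                    yield unquote_plus(v)

    def inspect(self, req, now=None):
        """Evaluate the policy; returns ('allow', None) or ('block', rule_name)."""
        now = time.time() if now is None else now
        rl = self.policy["rate_limit"]
        window = self.hits[req.client_ip]
        window[:] = [t for t in window if now - t < rl["window_seconds"]]
        window.append(now)
        if len(window) > rl["max_requests"]:
            return "block", "rate_limit"
        for name, pattern in self.policy["signatures"]:
            for value in self._param_values(req):
                if pattern.search(value):
                    return "block", name
        return "allow", None
```

Signature rules like these trade false positives for coverage, which is why real WAF policies are tuned per application and why the text stresses how quickly policies can be modified.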
The different ways to deploy a WAF
A WAF can be deployed in several ways. Which is right for you depends on where your applications are deployed, the services needed, how you want to manage it, and the level of architectural flexibility and performance you require. Do you want to manage it yourself, or do you want to outsource that management? Is a cloud-based option the better model, or do you want your WAF to sit on-premises? How you want to deploy will help determine which WAF is right for you. Below are your options.
WAF Deployment Modes:
● Cloud-based + Fully Managed as a Service—this is a great option if you require the fastest, most hassle-free way to get WAF in front of your apps (especially if you have limited in-house security/IT resources)
● Cloud-based + Self Managed—get all the flexibility and security policy portability of the cloud while still retaining control of traffic management and security policy settings
● Cloud-based + Auto-Provisioned—this is the easiest way to get started with a WAF in the cloud, deploying security policy in an easy, cost-effective way
● On-premises Advanced WAF (virtual or hardware appliance)—this meets the most demanding deployment requirements where flexibility, performance and more advanced security concerns are mission-critical
TYPES OF ATTACKS A WAF PROTECTS AGAINST
Typically, a Web Application Firewall will protect your online site against the following types of attacks:
DDoS attacks: overwhelming an application’s servers by sending copious amounts of traffic and requests to bring a server down.
SQL Injection: typically executed through the contact and submission forms of a website. Attackers insert harmful SQL code into user input fields so that it is passed into the application’s queries. This lets them gain access to the website’s backend and steal information.
Cross-Site Scripting (XSS): attackers use vulnerabilities in the application to insert malicious scripts, which execute in the browsers of users who load the website.
Zero-day attacks: these attacks exploit a vulnerability unknown to the defender, for which no patch exists, so the security gap is only revealed after the attack has been executed and the damage has been done. To orchestrate these attacks, perpetrators spend time probing the application to identify vulnerabilities and target them.
Stealth commanding (OS command injection): an attack on the operating system of the application’s server, in which the application is tricked into running the attacker’s commands.
Man-in-the-middle attacks: the attackers place themselves between the two parties (i.e., the application and the user) and impersonate one of them. This can be carried out through IP spoofing, DNS poisoning, SSL hijacking, etc.
Malware: application vulnerabilities or attacks such as phishing are used to infect the website with malware such as Trojans, ransomware, spyware, rootkits, etc.
Defacements: the attackers infiltrate a website and change its contents to display shocking or offensive material that damages the website’s reputation.
What are the Benefits of a Cloud WAF?
A cloud WAF provides a scalable platform that can be accessed globally, helping to protect large web applications worldwide against multiple threats.
A cloud web app firewall like KONA WAF enables users to:
● Reduce the risk of downtime, data theft and security breaches with a WAF that can scale to protect against the largest DoS and DDoS attacks.
● Ensure high performance even during attacks thanks to Akamai’s global architecture.
● Defend against new and emerging threats with help from Akamai’s Threat Intelligence Team.
● Minimize costs of cloud security by avoiding the need for expensive dedicated hardware.
What are network-based, host-based, and cloud-based WAFs?
A WAF can be implemented one of three different ways, each with its benefits and shortcomings:
● A network-based WAF is generally hardware-based. Since they are installed locally, they minimize latency, but network-based WAFs are the most expensive option and require the storage and maintenance of physical equipment.
● A host-based WAF may be fully integrated into an application’s software. This solution is less expensive than a network-based WAF and offers more customizability. The downsides of a host-based WAF are its consumption of local server resources, implementation complexity, and maintenance costs. These typically require engineering time and may be costly.
● Cloud-based WAFs offer an affordable option that is very easy to implement; they usually offer a turnkey installation that is as simple as a DNS change to redirect traffic. Cloud-based WAFs also have a minimal upfront cost, as users pay monthly or annually for security as a service. Cloud-based WAFs can also offer a consistently updated solution that protects against the newest threats without any additional work or cost on the user’s end. The drawback of a cloud-based WAF is that users hand over responsibility to a third party. Therefore, some features of the WAF may be a black box to them.
Now that you know what a WAF is, how it works, the purposes it serves, and the various ways it is deployed, it’s time to make a choice!