A web application firewall (WAF) is a firewall that monitors, filters or blocks data packets as they travel to and from a website or web application. A WAF can be network-based, host-based or cloud-based, and it is often deployed as a reverse proxy placed in front of one or more websites or applications. Running as a network appliance, server plug-in or cloud service, the WAF inspects each packet and applies a rule base to analyze Layer 7 (application-layer) web logic and filter out potentially harmful traffic that could facilitate web exploits. Put simply, a WAF is an application firewall for HTTP applications: it applies a set of rules to an HTTP conversation, and these rules generally cover common attacks such as cross-site scripting (XSS) and SQL injection.
While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications, and it can be considered a reverse proxy. WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application. The effort to perform this customization can be significant, and the customization must be maintained as the application is modified.
As businesses continue to expand online, business owners need to focus on aspects of their businesses that their counterparts ten years ago never had to consider: social media advertising, SEO, reviews, and website design and maintenance, to name a few. With so many online activities demanding attention, it can be difficult for a small business to build, or even think of creating, a security plan that protects the website supporting its online business.
Just as an online retail customer can interact with an online retail site, hackers can conduct malicious interactions with it as well. These attacks predominantly take the form of SQL injection, cross-site scripting, and malicious file execution. A modern WAF is designed to protect against these and other OWASP Top Ten application risks. A WAF must discern fraudulent interactions from legitimate traffic, which is a highly complex task because hackers today weave their attack code into traffic that looks safe.
A WAF accomplishes this by intercepting and analyzing every HTTP request before it reaches the web application. Because the WAF stands between the public internet and the web application, it decouples the traffic between the web server and the internet. The site's SSL/TLS certificates are hosted on the WAF, which terminates the encrypted connection; the traffic is then forwarded to the web application as plain HTTP and analyzed. In this sense, the WAF works as an inbound, or reverse, proxy. The application's response is sent back to the WAF, which encrypts it and forwards it to the user over HTTPS.
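The rule-based inspection step described above, as an added example that is not code from the original page: a small Python function that decodes each field of an HTTP request (path, query values, selected headers, body) and applies a constructed rule base, returning an allow/block decision and the rule that fired. The rule set and the sample requests are constructed for illustration; a production rule base such as the OWASP Core Rule Set is far larger and must be tuned to the application.

```python
"""Minimal WAF-style request inspection (constructed example, not a real product)."""
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Constructed, deliberately small rule base: (rule name, pattern).
# Real WAF rule sets are much larger and tuned per application.
RULES = [
    ("sqli-union", re.compile(r"\bunion\b.{0,20}\bselect\b", re.I | re.S)),
    ("sqli-tautology", re.compile(r"'\s*or\s+'?\w+'?\s*=\s*'?\w+", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-handler", re.compile(r"\bon(load|error|click|mouseover)\s*=", re.I)),
    ("path-traversal", re.compile(r"\.\./|\.\.\\")),
]

# Headers an attacker controls and that applications commonly log or reflect.
INSPECTED_HEADERS = ("user-agent", "referer", "cookie")


def normalize(value: str) -> str:
    """Percent-decode up to twice so double-encoded payloads are inspected
    in the same form the application would eventually see."""
    prev = None
    for _ in range(2):
        if value == prev:
            break
        prev, value = value, unquote_plus(value)
    return value


def inspect_request(method: str, target: str, headers: dict, body: str = ""):
    """Return ("allow", None) or ("block", "<rule>@<location>") for one request.

    The WAF sees the request in plaintext after TLS termination, so every
    attacker-controlled field can be decoded and matched against the rules."""
    parts = urlsplit(target)
    fields = [("path", parts.path)]
    fields += [("query:" + k, v)
               for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    fields += [("header:" + k, v) for k, v in headers.items()
               if k.lower() in INSPECTED_HEADERS]
    if body:
        fields.append(("body", body))
    for location, raw in fields:
        value = normalize(raw)
        for name, pattern in RULES:
            if pattern.search(value):
                return "block", f"{name}@{location}"
    return "allow", None
```

The returned location string is what a practitioner would log alongside the decision, since knowing which field tripped which rule is what makes false positives tunable.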
For more cybersecurity information contact us at email@example.com