A web application firewall (usually shortened to WAF) is a tool used by companies to help protect their web applications by carefully filtering the traffic that flows from the internet to the web application. A web application can be anything from a web-based mail service to an online retail site: in short, anything a user accesses through a web browser over an internet connection and that is served from an off-site server, usually hosted by a third party.
A WAF is there to protect web applications from complex attacks such as cross-site request forgery (CSRF) or SQL injection. It sits in front of the web application and analyses the HTTP traffic moving in both directions, requests going to the application and responses coming back from it. The WAF is designed to detect and block anything malicious attempting to reach the web application. This makes WAFs particularly beneficial to companies with an e-commerce or finance aspect, as they help prevent fraud and data theft.
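To make the "filter in both directions" idea concrete, here is a small rule-based inspector of the kind a WAF runs over each request and response. It is an added example written for this page, not code from any WAF product; the rule signatures, field names and sample traffic are all constructed for illustration and are far smaller than a real rule set. Inbound, it gathers every user-controlled value (path, query string, form body, cookies), normalises URL encoding, and matches the values against SQL injection and cross-site scripting signatures; outbound, it checks the response body for error text that should never reach a client.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Inbound rules: constructed signatures applied to user-controlled request data.
# A production WAF carries thousands of these; five are enough to show the mechanism.
REQUEST_RULES = [
    ("sqli-tautology", re.compile(r"(?:^|\W)(?:or|and)\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+", re.I)),
    ("sqli-union", re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I)),
    ("sqli-comment", re.compile(r"(?:--|#|/\*)\s*$")),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("xss-event-handler", re.compile(r"\bon(?:load|error|click|mouseover|focus)\s*=", re.I)),
]

# Outbound rules: response content that should never leave the application
# (database error text and stack traces leak implementation details).
RESPONSE_RULES = [
    ("leak-sql-error", re.compile(r"You have an error in your SQL syntax|ORA-\d{5}", re.I)),
    ("leak-stacktrace", re.compile(r"Traceback \(most recent call last\)")),
]


def extract_fields(method, target, headers, body):
    """Gather every user-controlled value from a request: path, query, form body, cookies.

    `headers` is expected to have lower-cased keys. Returns {field_name: value}.
    """
    parts = urlsplit(target)
    fields = {"path": unquote_plus(parts.path)}
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        fields[f"query:{key}"] = value
    content_type = headers.get("content-type", "")
    if method.upper() == "POST" and content_type.startswith("application/x-www-form-urlencoded"):
        for key, value in parse_qsl(body, keep_blank_values=True):
            fields[f"body:{key}"] = value
    for chunk in headers.get("cookie", "").split(";"):
        if "=" in chunk:
            key, value = chunk.strip().split("=", 1)
            fields[f"cookie:{key}"] = value
    return fields


def inspect_request(method, target, headers=None, body=""):
    """Return [(rule_id, field_name), ...]; an empty list means the request passes."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    findings = []
    for name, raw in extract_fields(method, target, headers, body).items():
        # parse_qsl already decoded once; a second pass normalises double-encoded
        # payloads (%2527 -> %27 -> '), a classic point where filters get bypassed.
        value = unquote_plus(raw)
        for rule_id, pattern in REQUEST_RULES:
            if pattern.search(value):
                findings.append((rule_id, name))
    return findings


def inspect_response(body):
    """Return the ids of outbound rules that match the response body."""
    return [rule_id for rule_id, pattern in RESPONSE_RULES if pattern.search(body)]


def decision(findings):
    """Translate a list of findings into the WAF's action."""
    return "block" if findings else "allow"


# Constructed sample traffic, not captured from any real site.
SAMPLE_REQUESTS = [
    ("GET", "/products?id=42&sort=price", {"Host": "shop.example"}, ""),
    ("GET", "/products?id=42%20OR%201%3D1--", {"Host": "shop.example"}, ""),
    ("POST", "/comment", {"Content-Type": "application/x-www-form-urlencoded"},
     "text=Great+product%21+%3Cscript%3Ealert%281%29%3C%2Fscript%3E"),
    ("GET", "/account", {"Cookie": "session=abc123; theme=dark"}, ""),
]
SAMPLE_RESPONSES = [
    "<html><body>Welcome back, alice.</body></html>",
    "500 Internal Server Error\nYou have an error in your SQL syntax; check the manual",
]

if __name__ == "__main__":
    for method, target, headers, body in SAMPLE_REQUESTS:
        findings = inspect_request(method, target, headers, body)
        print(f"{decision(findings):5} {method} {target} {findings}")
    for response in SAMPLE_RESPONSES:
        findings = inspect_response(response)
        print(f"{decision(findings):5} response {findings}")
```

The structure, not the particular regexes, is the point: a WAF is only as good as its view of the decoded input and its coverage of the output, which is why normalisation and response inspection matter as much as the signature list.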
There are several advantages a company can expect from using a WAF. By protecting against sophisticated, targeted attacks like cross-site scripting (XSS), a WAF can prevent serious security breaches and data theft. As well as undermining customer confidence, losing data to a cyber attack may mean that you are subject to regulatory penalties. A WAF can give your company’s web administrators the application visibility they need in order to demonstrate compliance with certain regulatory standards, including GDPR.
There are several different names for the various operating modes, but in short there are two main ways in which a WAF may be deployed: “transparent” or “reverse proxy”. In transparent mode the web traffic is still addressed directly to the web application; the WAF sits inline between the client and the server and inspects the traffic as it passes, so neither side needs to be aware of it. In the reverse proxy model, the WAF itself acts as the proxy, so the web traffic is sent directly to the WAF. The WAF then carries out its filtering and forwards the filtered traffic on to the web application. Although this may slow page loading down, the approach has benefits, including IP masking.
The definition of a WAF is actually quite broad – it encompasses a range of security solutions that operate at the application level but are distinct from the application itself. This means that it can be implemented either in hardware or in software. It might run in an appliance, or as part of a server running a common operating system. A WAF might be a stand-alone device, or it might be integrated into other components of a network.
Although WAFs are a powerful tool for protecting web-based applications, they are not designed to provide a total security solution. They are typically most effective when used as part of a suite of cyber protection mechanisms, including network firewalls and intrusion prevention systems. Used as part of a holistic defence strategy, they are an effective tool.