WAF (Web Application Firewall)

A Web Application Firewall (WAF) is a security solution that filters, monitors, and blocks Hypertext Transfer Protocol (HTTP) traffic to protect web applications and servers. It applies a set of rules to the conversation between a web application and the internet, separating benign from malicious traffic and preventing potential security threats from reaching the system.

Attacks on web applications and servers come in many forms, such as SQL injection, cross-site scripting (XSS), distributed denial of service (DDoS), file inclusion, security misconfigurations, cookie poisoning, field manipulation, parameter tampering, forced browsing, stealth commanding, and malware infections. Without a protective layer standing between the network and the application, hackers can get into the server and access a company's sensitive information.

A WAF shields an application against attacks on its vulnerabilities by routing clients through a rule-based filter before they reach the server. In effect it acts as a reverse proxy: client requests are sent to the WAF, screened there, and only then forwarded to the web application. Because it inspects HTTP traffic in both directions, malicious content can be detected and stopped before it reaches the server, protecting the system from attacks.

Benefits of WAF

A WAF runs as a physical device, a plugin, or a cloud service, and it provides the following advantages:

  • Discovers a web application's security vulnerabilities and coding errors that need immediate fixes
  • Prevents unauthorized transfer of sensitive data out of the application
  • Complements other perimeter defenses and protective systems such as network firewalls and intrusion prevention tools
  • Averts attacks that bypass the network firewall and defends a web application without requiring access to its source code
  • Allows users to quickly modify an application's protection settings in response to security threats

Blacklist and whitelist WAFs

A WAF can follow a blacklist (negative security) model, a whitelist (positive security) model, or a hybrid of the two. A blacklist WAF protects against known attacks by denying requests that match harmful patterns which could expose an application's security vulnerabilities. A whitelist WAF, by contrast, denies unknown traffic by default and allows only trusted, pre-approved requests.
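The three models described above, as an added illustration that is not part of the original article or any real WAF product: a negative filter built from a small, constructed signature set, a positive filter built from a constructed application profile, and a hybrid that requires a request to pass both. The `Request` type, the rule sets, the `/search` and `/login` endpoints and the parameter formats are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, unquote, urlsplit

@dataclass
class Request:
    method: str
    url: str  # path plus query string, as received by the WAF's reverse proxy
def _decoded(req):
    # Percent-decoded path and query values: the inputs the rules inspect
    parts = urlsplit(req.url)
    return unquote(parts.path), parse_qs(parts.query, keep_blank_values=True)
# Negative model: a constructed, deliberately small signature set (illustration only)
BLACKLIST_RULES = {
    "sqli": re.compile(r"(?i)\bunion\s+select\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+"),
    "xss": re.compile(r"(?i)<\s*script\b|javascript:"),
    "file_inclusion": re.compile(r"(?i)\.\./|^(https?|php)://"),
}

def inspect_negative(req):
    """Allow everything except requests matching a known-bad signature."""
    path, query = _decoded(req)
    for value in [path] + [v for vs in query.values() for v in vs]:
        for name, rule in BLACKLIST_RULES.items():
            if rule.search(value):
                return False, f"blocked: {name} signature"
    return True, "allowed: no signature matched"

# Positive model: a constructed application profile; anything not declared is denied
WHITELIST_PROFILE = {
    "/search": {"methods": {"GET"}, "params": {"q": r"[\w ]{1,64}"}},
    "/login": {"methods": {"POST"}, "params": {"user": r"[a-z0-9_]{3,32}"}},
}

def inspect_positive(req):
    """Allow only declared paths, methods and parameter formats."""
    path, query = _decoded(req)
    profile = WHITELIST_PROFILE.get(path)
    if profile is None or req.method not in profile["methods"]:
        return False, "blocked: path or method not in profile"
    for name, values in query.items():
        pattern = profile["params"].get(name)
        if pattern is None or not all(re.fullmatch(pattern, v) for v in values):
            return False, f"blocked: parameter {name} undeclared or malformed"
    return True, "allowed: matches application profile"

def inspect_hybrid(req):
    """Hybrid model: the request must pass both filters."""
    ok, reason = inspect_negative(req)
    return (ok, reason) if not ok else inspect_positive(req)
```

Running the two filters on the same requests shows the trade-off: a request with an extra `debug` parameter or a path missing from the profile passes the negative filter but is denied by the positive one, so a positive model needs a complete profile of legitimate traffic to avoid blocking valid requests.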

Types of WAF

WAFs protect a range of enterprises and industries, such as e-commerce, banking, and social media platforms, that need to secure their back-end databases. A WAF can be implemented in three ways:

  • Network-based: a hardware appliance installed in the local network. It requires storage and maintenance, which adds cost, and the appliance itself can be expensive, but its deployment is scalable.
  • Host-based: a less expensive type that is integrated into the application software and offers a number of customization options.
  • Cloud-based: the most affordable of the three and the easiest to implement, with regular updates included. A cloud-based WAF is usually a security-as-a-service solution operated by a third-party provider.

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.
