Web application firewall (WAF)
08 Sep

What is a web application firewall (WAF)? 

A web application firewall is a firewall that tracks, filters, and blocks data packets as they travel to and from a website or web application. It typically protects web applications from attacks such as cross-site request forgery, cross-site scripting (XSS), file inclusion, distributed denial of service (DDoS), misconfigurations, field manipulation, parameter tampering, forced browsing, stealth commanding, and malware infections, among others.

A WAF is often deployed as a reverse proxy, placed in front of one or more websites or applications. It can run as a network appliance, a server plugin, or a cloud service. The WAF analyses each packet and applies a rule base to the Layer 7 web application logic in order to filter out potentially harmful traffic that could lead to a web intrusion or data breach.

By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. Because the analysis can be customised, a WAF can detect and immediately prevent several of the most dangerous web application security flaws, which makes it superior to traditional network firewalls and other intrusion detection systems (IDSes) or intrusion prevention systems (IPSes) for this purpose.

Companies that provide products or services over the Internet such as e-commerce shopping, online banking, and other interactions between customers or business partners find WAFs most useful. 

How does a WAF work? 

WAFs filter, monitor, and block malicious HTTP traffic traveling to the web application and prevent unauthorised data from leaving it. Filtering, blocking, and monitoring are done in line with a set of rules known as policies that determine what traffic is malicious and what is safe.  

These policies protect against vulnerabilities in the application and can be modified quickly if needed.  

While a proxy server serves as an intermediary to protect a client machine’s identity, a WAF serves as a type of reverse proxy, protecting the server’s identity by having the client pass through the WAF before getting to the server. 

NGFW disadvantages

  • To derive the biggest benefit, organisations need to integrate NGFWs with other security systems, which can be a complex process
  • Costlier than other firewall types

Types of web application firewalls 

A WAF can be implemented one of three different ways, each with its benefits and disadvantages:  

Network-based WAFs:  

A network-based WAF is generally hardware-based. It is installed locally on a dedicated appliance as close to the application as possible, which minimises latency. However, a network-based WAF is the most expensive option and also requires the storage and maintenance of physical equipment.

Host-based WAFs: 

A host-based WAF may be fully integrated into an application’s software itself. This option offers greater customisability and lower cost. Managing host-based WAFs requires more time and human resources and it also requires a huge portion of the local server resources to run effectively. 

Cloud-hosted WAFs: 

Cloud-based WAFs are affordable and easy to implement. They are usually a turn-key solution in which installation is as simple as a DNS or proxy change to redirect application traffic. Here, users pay monthly or annually for security as a service, so cloud-based WAFs also have a minimal upfront cost.

The drawback of a cloud-based WAF is that the responsibility of controlling the organisation’s application traffic is handed over to a third-party provider. The good side is that the strategy enables applications to be protected across a wide range of hosting locations and uses similar policies to protect against application layer attacks. 

Additionally, these third parties have the latest threat intelligence and can help identify and block the latest application security threats. 

Differences between a WAF and a firewall 

A firewall is a broad term for a hardware or software system whose function is to defend a computer network by filtering incoming data packets. Based on what kind of protection they provide and how they provide it, firewalls can be classified into categories such as packet filtering, stateful inspection, proxy, and next-generation firewalls (NGFWs).

A WAF falls into another category of firewall based on how specifically it filters data packets. A WAF focuses solely on web-based intrusions at the application layer, which other types of firewalls, such as packet filtering and stateful inspection, may not be able to defend against. A WAF is most like a proxy firewall but with a specific focus on Layer 7 application logic.
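To make the "How does a WAF work?" section and the comparison above concrete, the following added example (not code from the original article or from Globalnet Solutions Australia) models a stateless Layer 3/4 packet filter in front of a small Layer 7 WAF. The packet filter consults only the 5-tuple headers, so a malicious HTTP request on port 443 passes it; the WAF parses the request and evaluates an ordered policy of rules, and a separate egress rule stops unauthorised data leaving the application. The HTTP parser, the rule identifiers (ID-001 to ID-005, OUT-001), the policy contents and all sample requests are constructed for this illustration and are not any vendor's rule set.

```python
"""Toy packet filter (Layer 3/4) in front of a toy WAF (Layer 7).

Everything here is constructed for illustration: the rule IDs, the
policy and the sample traffic are not taken from any real product.
"""
import re
from dataclasses import dataclass
from typing import Callable, Optional, Tuple
from urllib.parse import parse_qsl, urlsplit


# ---- Layer 3/4: what a packet-filtering firewall sees ----------------------
@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str
    dst_port: int
    payload: bytes  # opaque to the packet filter; it never looks inside


def packet_filter(pkt: Packet) -> str:
    """Stateless 5-tuple rule: allow web ports, drop everything else."""
    if pkt.proto == "TCP" and pkt.dst_port in (80, 443):
        return "allow"
    return "drop"


# ---- Layer 7: what the WAF sees --------------------------------------------
@dataclass
class HttpRequest:
    method: str
    target: str  # request path plus query string
    headers: dict
    body: str = ""

    @property
    def path(self) -> str:
        return urlsplit(self.target).path

    @property
    def params(self) -> dict:
        # parse_qsl percent-decodes values, so encoded payloads are inspected too
        return dict(parse_qsl(urlsplit(self.target).query, keep_blank_values=True))


def parse_http(payload: bytes) -> HttpRequest:
    """Minimal HTTP/1.1 request parser (constructed for this example)."""
    head, _, body = payload.decode("latin-1").partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return HttpRequest(method, target, headers, body)


@dataclass
class Rule:
    rule_id: str
    description: str
    check: Callable[[HttpRequest], bool]  # True means the request is blocked


def matches_pattern(pattern: str) -> Callable[[HttpRequest], bool]:
    """Build a check that searches path, query values and body for a pattern."""
    rx = re.compile(pattern, re.IGNORECASE)

    def check(req: HttpRequest) -> bool:
        return any(rx.search(c) for c in [req.path, *req.params.values(), req.body])

    return check


# The policy is ordered: the first matching rule decides the verdict.
POLICY = [
    Rule("ID-001", "only GET and POST are permitted", lambda r: r.method not in ("GET", "POST")),
    Rule("ID-002", "parameter tampering: id must be numeric",
         lambda r: "id" in r.params and not r.params["id"].isdigit()),
    Rule("ID-003", "file inclusion / path traversal pattern", matches_pattern(r"\.\./|%2e%2e")),
    Rule("ID-004", "cross-site scripting pattern", matches_pattern(r"<script|javascript:")),
    Rule("ID-005", "forced browsing to a non-public path", lambda r: r.path.startswith("/internal/")),
]

# Egress policy: a loose card-number shape, to keep such data from leaving the app.
CARD_RX = re.compile(r"\b(?:\d[ -]?){13,16}\b")


def waf_inspect(req: HttpRequest, policy=POLICY) -> Tuple[str, Optional[str]]:
    """Return ('block', rule_id) for the first matching rule, else ('allow', None)."""
    for rule in policy:
        if rule.check(req):
            return ("block", rule.rule_id)
    return ("allow", None)


def waf_inspect_response(body: str) -> Tuple[str, Optional[str]]:
    """Outbound check: block responses that appear to leak card numbers."""
    return ("block", "OUT-001") if CARD_RX.search(body) else ("allow", None)


def inspect_packet(pkt: Packet) -> Tuple[str, str]:
    """Run the packet filter first, then the WAF; report which stage decided."""
    if packet_filter(pkt) == "drop":
        return ("drop", "L3/4")
    verdict, rule_id = waf_inspect(parse_http(pkt.payload))
    return (verdict, "L7" if rule_id is None else f"L7:{rule_id}")


if __name__ == "__main__":
    # Constructed sample traffic: both requests look identical to the packet filter.
    benign = b"GET /products?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    xss = b"GET /search?q=<script>x</script> HTTP/1.1\r\nHost: shop.example\r\n\r\n"
    for payload in (benign, xss):
        pkt = Packet("203.0.113.5", "192.0.2.10", "TCP", 443, payload)
        print(packet_filter(pkt), inspect_packet(pkt))
```

The point of the two stages is visible in the output: the packet filter returns "allow" for both requests because it only sees TCP port 443, while the WAF allows the first and blocks the second under ID-004. In a real deployment the policy would be far larger and tuned per application, and a first-match policy like this one should be ordered from the most specific rule to the most general.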

Web application firewalls from Globalnet Solutions Australia 

Globalnet Solutions Australia can deploy a web application firewall (WAF) to protect against HTTP and web application-based security flaws. This security is specifically designed to obstruct an attack without disrupting legitimate users or application performance. 

For complete security measures, we generally deploy WAF technology as a companion to a traditional network firewall. 

Globalnet Solutions Australia is a preferred supplier under the Victorian & NSW state government panels and is also part of the Municipal Association of Victoria (MAV) purchasing contract. 
