WAF – Web Application Firewalls | WAF Introduction

Post Written by
Valentina Stojković

A web application firewall (WAF) protects a web service by filtering, monitoring and blocking malicious HTTP/S traffic on its way to the web application, and by stopping unauthorized data from entering or leaving the application. A WAF works much like a toll booth: the booth lets only paying customers onto the toll road and keeps non-paying drivers off it.

A WAF operates through a set of rules, usually called policies. Each policy defines conditions that describe traffic the application should not receive, so that requests exploiting known vulnerabilities are filtered out before they reach it. WAFs protect against attacks at Layer 7 of the OSI model, the application layer.

That includes attacks that abuse client-side technologies such as ActiveX, JavaScript and Ajax, as well as cookie manipulation, URL-based attacks and SQL injection. Attackers can also target the web application protocols themselves, HTTP and HTTPS, which connect the browser to the server.

An example of a Layer 7 DDoS: the attacker floods the server with requests at the layer where web pages are generated and delivered in response to HTTP requests, so the server spends its capacity building responses for the attacker instead of for legitimate users. A WAF mitigates this by acting as a reverse proxy in front of the targeted server: every request passes through the WAF first, which inspects it and decides whether it belongs to the flood or is a legitimate request, so the server never sees the attack traffic.
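The policy evaluation described above (signature conditions applied to each request) and the rate-based mitigation of a Layer 7 flood, as an added example that is not part of the original post and not the code of any WAF product: a toy policy engine in Python. The request dictionary format, the rule identifiers and patterns, the repeated percent-decoding step and the sample requests are all constructed here for illustration; real rule sets are far larger and product behaviour differs.

```python
"""Toy WAF policy engine: signature policies plus a per-client rate rule.

Added example, not code from the original post. Everything here is an
assumption made for illustration: the request dict format, the rule
identifiers, the decoding step and the constructed sample requests.
"""
import re
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Signature policies: (rule id, pattern applied to each decoded request field).
# Real products ship thousands of rules; these four only show the shape.
SIGNATURE_RULES = [
    ("sqli-union", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I)),
    ("sqli-tautology", re.compile(r"\bor\b\s+'?\d+'?\s*=\s*'?\d+", re.I)),
    ("path-traversal", re.compile(r"(^|[\\/])\.\.([\\/]|$)")),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
]

INSPECTED_FIELDS = ("path", "query", "body", "cookie")


def normalise(value, max_rounds=3):
    """Percent-decode until the value stops changing (bounded).

    Decoding only once lets a double-encoded payload such as
    %253Cscript%253E (-> %3Cscript%3E -> <script>) slip past the rules.
    """
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


class RateLimiter:
    """Sliding-window limit per client IP: at most max_requests per window."""

    def __init__(self, max_requests, window_seconds):
        self.max_requests = max_requests
        self.window = window_seconds
        self.hits = defaultdict(deque)  # client_ip -> timestamps inside the window

    def allow(self, client_ip, now):
        window_hits = self.hits[client_ip]
        while window_hits and now - window_hits[0] > self.window:
            window_hits.popleft()  # drop timestamps that fell out of the window
        if len(window_hits) >= self.max_requests:
            return False
        window_hits.append(now)
        return True


def inspect_request(request, limiter, now):
    """Return ("allow", None) or ("block", rule_id) for one request."""
    # Cheap volumetric check first: a Layer 7 flood is rejected before any
    # per-request signature work is spent on it.
    if not limiter.allow(request["client_ip"], now):
        return ("block", "rate-limit")
    for field in INSPECTED_FIELDS:
        value = normalise(request.get(field, ""))
        for rule_id, pattern in SIGNATURE_RULES:
            if pattern.search(value):
                return ("block", rule_id)
    return ("allow", None)


def evaluate_all(requests, max_requests=5, window_seconds=10.0, start=0.0):
    """Run a request list through a fresh engine, 0.1 s apart; return verdicts."""
    limiter = RateLimiter(max_requests, window_seconds)
    return [inspect_request(req, limiter, start + i * 0.1)
            for i, req in enumerate(requests)]


# Constructed sample traffic (203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges): one benign request, then four attack patterns.
SAMPLE_REQUESTS = [
    {"client_ip": "203.0.113.7", "path": "/products", "query": "id=42"},
    {"client_ip": "203.0.113.7", "path": "/products",
     "query": "id=42%20UNION%20SELECT%20username,password%20FROM%20users"},
    {"client_ip": "203.0.113.9", "path": "/login",
     "body": "user=admin%27%20or%20%271%27%3D%271&pass=x"},
    {"client_ip": "203.0.113.9", "path": "/static/..%2F..%2Fetc%2Fpasswd"},
    {"client_ip": "198.51.100.5", "path": "/search",
     "query": "q=%253Cscript%253Ealert(1)%253C%252Fscript%253E"},  # double-encoded
]

if __name__ == "__main__":
    for req, verdict in zip(SAMPLE_REQUESTS, evaluate_all(SAMPLE_REQUESTS)):
        print(verdict, req["path"])
    # Eight copies of the benign request from one IP: a miniature Layer 7 flood.
    for verdict in evaluate_all([SAMPLE_REQUESTS[0]] * 8):
        print(verdict)
```

Two design points carry over to real deployments: the rate rule runs before the signature rules because a flood must be dropped cheaply, and the decoder loops until the value stops changing because a single decoding pass is exactly what a double-encoded payload is built to get past.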

WAF introduction | implementation

  1. Hardware-based WAF is deployed as a hardware appliance installed locally within the local area network (LAN), close to the web and application servers. An operating system runs on the appliance and supports software configuration and updates. Hardware-based WAFs are commonly used by large organizations that receive hundreds of thousands of visits a day: serving that many clients efficiently makes speed and performance the highest priority, and most large businesses can easily afford the management and operating costs of running one.

pros: fast speed and high-performance
cons: most expensive; needs more physical space

  2. Software-based WAF is installed on a virtual machine. All the components are essentially the same as in a hardware WAF; the difference is that users need to supply their own hypervisor software to run the virtual machine. To borrow an analogy: a hardware-based WAF is having coffee in the coffee shop, while a software-based WAF is getting it through the drive-thru and taking it home to drink.

pros: less expensive; more flexible
cons: slower than a dedicated appliance

  3. Cloud-based WAF is a newer generation of WAF, provided and managed directly by a service provider as software-as-a-service. Unlike the software-based WAF, the WAF components live entirely in the cloud, so the user does not need to install anything locally or in a virtual machine. It is best suited to small and medium-sized organizations, since it requires no physical space and is managed by the provider.

pros: cheapest option; simplicity
cons: dependence on the service provider; limited customization

In conclusion...

With plenty of web application firewalls on the market, and not all of them created equal, it is important to weigh the advantages and disadvantages of each and to understand how they differ before making a well-informed decision.
