3.3 Web Application Firewall (WAF)

This section is part of the amber and green pathways.
A web application firewall is a device dedicated to protecting a web server. On the network it is placed so that all traffic passes through the WAF before it reaches the web server. A WAF is quite different from a firewall, an IDS or an IPS, as noted in Table 3. The IPS inspects all data traffic that attempts to enter or leave the network, while the WAF inspects only the web data traffic. That traffic is inspected for specific types of attack on web servers, and for the presence of malware in content accessed or downloaded from other sites.
| | Web Application Firewall (WAF) | IPS |
|---|---|---|
| Where in the network? | Placed in front of the web server; for lower loads it can also be integrated into the web server itself | Between the firewall and the router connecting to the internet |
| Primary function | Inspects application (web) data traffic and its content to protect against web-specific attacks | Inspects all data traffic and blocks suspicious traffic before it reaches the firewall |
| Protection against | SQL injection, cross-site scripting, session manipulation attacks, JavaScript-based attacks | Attacks against all components of a networked device: the OS (Windows, macOS, Linux) and the applications on it (WWW, email, file sharing, etc.) |
Where the volume of web traffic is small, the WAF is a piece of software integrated onto the web server itself. Where there is a substantial amount of web data traffic, a dedicated appliance is used as the WAF.
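As an added example (not part of the course text), here is a minimal in-process WAF of the kind the paragraph describes for low-traffic servers: a WSGI middleware that inspects the path, query string and body of every request for the SQL injection and cross-site scripting patterns named in Table 3 and answers 403 on a match. The rule set and the sample requests are constructed for illustration; a real WAF uses a large curated rule set and is still tuned for false positives.

```python
import io
import re
import urllib.parse

# Hypothetical, deliberately small signature set for two of the attack classes
# in Table 3. Production WAFs ship far larger rule sets and still need tuning:
# a benign parameter such as "onion=1" would trip the crude "on...=" handler check.
RULES = {
    "sqli": re.compile(r"(?i)(\bunion\b[\s\S]+\bselect\b|'\s*or\s+'?\w+'?\s*=\s*'?\w+|;\s*(drop|delete)\b)"),
    "xss": re.compile(r"(?i)(<\s*/?script\b|javascript\s*:|\bon\w+\s*=)"),
}


def inspect_request(path: str, query: str, body: str) -> dict:
    """Inspect one request; return {"action": "allow"} or a block verdict.

    Each field is percent-decoded first so the WAF sees the request the way
    the application will, not the encoded form on the wire.
    """
    for field, raw in (("path", path), ("query", query), ("body", body)):
        value = urllib.parse.unquote_plus(raw)
        for rule, pattern in RULES.items():
            if pattern.search(value):
                return {"action": "block", "rule": rule, "field": field}
    return {"action": "allow"}


def waf_middleware(app):
    """WSGI wrapper: the software WAF integrated onto the web server itself."""
    def wrapped(environ, start_response):
        length = int(environ.get("CONTENT_LENGTH") or 0)
        body = environ["wsgi.input"].read(length).decode("utf-8", "replace") if length else ""
        verdict = inspect_request(environ.get("PATH_INFO", ""),
                                  environ.get("QUERY_STRING", ""), body)
        if verdict["action"] == "block":
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [f"blocked by WAF rule {verdict['rule']} in {verdict['field']}".encode()]
        environ["wsgi.input"] = io.BytesIO(body.encode("utf-8"))  # replay the consumed body
        return app(environ, start_response)
    return wrapped


if __name__ == "__main__":
    def app(environ, start_response):  # the protected application
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"hello"]

    protected = waf_middleware(app)
    # Constructed request: a percent-encoded <script> tag in the query string
    env = {"PATH_INFO": "/search", "QUERY_STRING": "q=%3Cscript%3E", "CONTENT_LENGTH": "0"}
    print(b"".join(protected(env, lambda status, headers: print(status))))
```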