How does Web Application Firewall (WAF) Work?
A web application firewall (WAF) plays an essential role in protecting your website from all the many threats which can damage it (and your business). Here is what you need to know.
What exactly is a web application firewall (WAF)?
A regular web application firewall (WAF) protects the host (e.g. a local computer or mobile device) from malicious content hosted on web-servers. A website applications firewall or WAF protects web servers from client devices that seek to harm them.
Both types of firewall monitor, screen, and filter incoming and outgoing traffic looking for threats. They are, however, optimized for slightly different threats. Regular firewalls are looking for threats that could impact internet users, such as websites that are blacklisted for being malicious. WAFs are looking for signs that client computers could be malicious.
The role of a WAF is actually much more challenging because you cannot use blacklisting systems on client devices in the same way that you can on websites. You can, of course, still block client devices, otherwise, there would be little point in having a WAF, but you need to approach the process differently.
WAFs work best in combination with other security solutions
For many SMBs, the most pragmatic approach to giving their website the protection it needs is to invest in a website vulnerability scanner. These are available from different vendors and each vendor’s product will have its own functionality. Any decent product will, however, have an anti-malware scanner and a web applications firewall. There is a reason for this.
A lot of cyberattacks will involve some form of malware. This means that you need a robust anti-malware scanner to combat it. The vast majority of cyberattacks are also going to involve some sort of attempt to breach your perimeter. This is where your firewall comes into play.
WAFs tend to do most of their work at the applications level (layer seven of the OSI seven-layer model). As such it defends your website against threats such as SQL injection, cross-site-scripting (XSS), and cross-site forgery along with DDoS attacks. DDoS attacks can occur at either the infrastructure level (layers three and four of the OSI seven-layer model) or the applications level (in the context of DDoS this is considered to be layers six and seven of the OSI seven-layer model).
If DDoS is a particular concern, then you might want to boost the protection of your firewall with a DDoS mitigation service. These are similar to firewalls, but they are optimized specifically for DDoS and only come into play when a DDoS attack is detected.
Implementing a WAF
There are three main ways you can implement a WAF. These are host-based WAFs, network-based WAFs, and cloud-based WAFs.
As their name suggests, host-based WAFs are deployed directly on the server they are intended to protect. The advantage of this approach is that it allows for very tight integration and a high degree of customizability. The disadvantage of this approach is that it drains your server’s resources.
This means that you may have to choose between buying a more expensive server or seeing your page-load times increase. Even if you have the budget for a more expensive server, there are further implications to consider. In particular, more powerful servers need more powerful cooling, which means you may need extra space in your server room to accommodate the necessary fans.
Network-based WAFs are generally implemented through hardware. This has the advantage that it lifts the processing burden from the servers and minimizes latency. Unfortunately, it has all the standard disadvantages of hardware solutions.
These include the need for an appropriate space and the ability to undertake the necessary maintenance, plus you need a plan for dealing with hardware failure, including total hardware failure. What’s more, this is usually the most expensive option by far.
It’s also worth noting that both host-based WAFs and network-based WAFs only work if you have access to your web servers and/or network hardware. This is becoming increasingly unusual especially in the SMB market where there has been a huge move towards the cloud.
This is one reason for the popularity of cloud-based WAFs. Another reason, however, is that they are easy to implement, affordable (especially if you buy them as part of a website vulnerability scanner), and effective. You are unlikely to get the same level of customizability as you do with the other options, but frankly, it’s debatable how many SMBs are actually going to want it to let alone need it. Affordability and ease of use are probably far higher priorities.
Please click here now to have your website scanned, for free, by cWatch from Comodo.