So, what’s a web application firewall (WAF)?
A WAF filters, monitors, and blocks HTTP/S traffic to and from a web application to protect against malicious attempts to compromise the system or exfiltrate data. By inspecting HTTP/S traffic, a WAF can prevent web application attacks such as:
- Cross-site scripting (XSS)
- SQL injection
- Cookie poisoning
- Invalid input
- Layer 7 DoS
- Brute force and credential stuffing
- Web scraping
WAFs can come in the form of an appliance, software, or a service, and contain policies (sets of rules) customized to an application or set of applications. This customization needs to be maintained as the application is modified.
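The sketch below is an added example, not F5 code or the policy format of any product: a minimal allow-list policy check that shows why a policy customized to an application has to be updated when the application changes. The shop application, its paths, parameter names and patterns are all assumptions made up for illustration.

```python
import copy
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed policy for a hypothetical shop application; every path,
# parameter name and pattern here is an assumption for illustration.
POLICY = {
    "/search": {"methods": {"GET"},
                "params": {"q": r"[\w \-]{1,64}", "page": r"\d{1,4}"}},
    "/cart/add": {"methods": {"POST"},
                  "params": {"item": r"\d{1,10}", "qty": r"[1-9]\d?"}},
}

def inspect(method, url, body="", policy=POLICY):
    """Return (action, reason) for one request under an allow-list policy."""
    parts = urlsplit(url)
    rule = policy.get(parts.path)
    if rule is None:
        return ("block", f"unknown path {parts.path}")
    if method not in rule["methods"]:
        return ("block", f"method {method} not allowed")
    # parse_qsl percent-decodes, so patterns are checked against decoded values.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    seen = set()
    for name, value in pairs:
        pattern = rule["params"].get(name)
        if pattern is None:
            return ("block", f"unexpected parameter {name}")
        if name in seen:
            return ("block", f"duplicate parameter {name}")
        seen.add(name)
        if not re.fullmatch(pattern, value, re.ASCII):
            return ("block", f"invalid value for {name}")
    return ("allow", "matches policy")

def with_param(policy, path, name, pattern):
    """Return a copy of the policy that also accepts one new parameter."""
    updated = copy.deepcopy(policy)
    updated[path]["params"][name] = pattern
    return updated

if __name__ == "__main__":
    # Constructed requests; the last one uses a 'coupon' field the
    # application gained after the policy was written.
    print(inspect("GET", "/search?q=red+shoes&page=2"))
    print(inspect("GET", "/search?q=%3Cscript%3E"))
    new_req = ("POST", "/cart/add", "item=42&qty=2&coupon=SPRING10")
    print(inspect(*new_req))
    print(inspect(*new_req, policy=with_param(POLICY, "/cart/add", "coupon", r"[A-Z0-9]{4,12}")))
```

With the original policy, the legitimate request carrying the new `coupon` field is blocked as an unexpected parameter; it is allowed only once the policy is extended to match the changed application.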
F5 products that support a WAF include:
- BIG-IP Application Security Manager (available as an appliance or virtual edition)
- Silverline Web Application Firewall (available as a fully managed service or as an express self-service)