Web application firewall

From Citizendium
Revision as of 16:33, 25 July 2010 by imported>Justin C. Klein Keane (Initial stub)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
This article is developing and not approved.
Main Article
Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
This editable Main Article is under development and subject to a disclaimer.

Web application firewalls (WAF) are devices that limit web application access in an attempt to prevent malicious traffic. As an increasing amount of traffic is directed over traditional web ports (HTTP on port 80 and HTTPS on port 443) web applications have become a larger target for attackers. Ironically, much of the effort to move applications to web based services is an effort to avoid the restrictive filtering of traditional firewalls. Because most organizations allow HTTP/HTTPS traffic, deploying a web based application has the advantage of lower configuration overhead.

Purpose

WAF's function to limit malicious traffic to web applications by applying signatures to incoming traffic. When signatures match the WAF effectively blocks requests to prevent attacks. SQL injection and cross site scripting are two common attacks that can be effectively mitigated using a WAF.

Types of WAF

Web application firewalls generally fall under two categories: hardware and software. Hardware WAF's are usually turnkey solutions that include the WAF platform and software. Software WAF's are implemented purely in code and can be deployed to existing web servers. The advantage of hardware WAF's is that they do not consume webserver resources. The disadvantage to a hardware WAF is overhead and infrastructure. Both hardware and software WAF's function in fundamentally the same ways, however.

There are several different vendors of WAF's, both closed and open source. The Apache mod security is one popular open source WAF.

References