Web application firewall

Web application firewalls (WAF) are devices that limit web application access in an attempt to prevent malicious traffic. As an increasing amount of traffic is directed over traditional web ports (HTTP on port 80 and HTTPS on port 443) web applications have become a larger target for attackers. Ironically, much of the effort to move applications to web based services is an effort to avoid the restrictive filtering of traditional firewalls. Because most organizations allow HTTP/HTTPS traffic, deploying a web based application has the advantage of lower configuration overhead.

Purpose
WAF's function to limit malicious traffic to web applications by applying signatures to incoming traffic. When signatures match the WAF effectively blocks requests to prevent attacks. SQL injection and cross site scripting are two common attacks that can be effectively mitigated using a WAF.

Types of WAF
Web application firewalls generally fall under two categories: hardware and software. Hardware WAF's are usually turnkey solutions that include the WAF platform and software. Software WAF's are implemented purely in code and can be deployed to existing web servers. The advantage of hardware WAF's is that they do not consume webserver resources. The disadvantage to a hardware WAF is overhead and infrastructure. Both hardware and software WAF's function in fundamentally the same ways, however.

There are several different vendors of WAF's, both closed and open source. The Apache | mod security is one popular open source WAF.