How does WAF Protect an HTTP Service?
About
How Does WAF Protect an HTTP Service and in What Way?
Web Application Firewall (WAF) is a network security solution developed to protect web addresses, web applications, and web-based services that traditional firewalls and IDS/IPS devices cannot secure. WAF is specifically designed to protect web applications and their servers against web-based attacks that IPS devices cannot prevent. While IPS devices analyze network traffic packets with a focus on anomaly detection, and firewalls operate at the network level by filtering traffic based on IP addresses, ports, and protocols, WAF inspects session traffic at the HTTP protocol level and blocks attacks there.
WAF uses OWASP signatures to secure web applications. OWASP provides a reference for identifying common web application vulnerabilities and attack vectors. Based on these signatures, WAF detects and blocks attacks such as SQL Injection and Cross-Site Scripting: it analyzes HTTP requests and session traffic and flags any content that matches a known attack pattern.
OWASP signatures are periodically updated to provide dynamic protection against emerging threats. This ensures not only protection against known attacks but also effective defense against risks defined by OWASP. The signatures can be customized in terms of both protection level and sensitivity, allowing configurations best suited to system needs.
In many cases, application developers can implement security measures on the software side. For instance, input validation and filtering can be used in code to mitigate threats like SQL Injection or XSS. However, these measures might not always be sufficient or may be overlooked due to the complexity of the application. Additionally, making security-based changes to existing software may negatively impact application behavior if not properly tested. In such scenarios, WAF provides a fast and effective solution by filtering attacks and securing the application layer. WAF serves as a critical defense mechanism to complement missing or insufficient software-side security measures.
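The signature mechanism described above, reduced to its essentials as an added example (this is illustrative code written for this page, not the product's engine or the OWASP rule set): a few constructed, deliberately simplified patterns are applied to the decoded path, query string, headers and body of each request; every match carries a risk level, and the final decision depends on the configured protection level and on whether the service runs in monitor or blocking mode. The rule ids, the sample requests and the `inspect_request`/`decide` functions are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import unquote_plus


@dataclass(frozen=True)
class Signature:
    sig_id: str        # hypothetical rule id, not an OWASP CRS id
    name: str
    risk: int          # 1 = low ... 4 = critical
    pattern: re.Pattern


# Constructed, simplified signatures. Real OWASP rule sets are far larger and are
# tuned against many evasion techniques; these only illustrate the mechanism.
SIGNATURES: List[Signature] = [
    Signature("HYP-SQLI-001", "SQL injection: boolean tautology", 4,
              re.compile(r"(?i)\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+['\"]?")),
    Signature("HYP-SQLI-002", "SQL injection: UNION SELECT", 4,
              re.compile(r"(?i)\bunion\b\s+(all\s+)?select\b")),
    Signature("HYP-XSS-001", "XSS: script tag, event handler or javascript URI", 3,
              re.compile(r"(?i)(<\s*script\b|\bon\w+\s*=|javascript\s*:)")),
]


def normalise(value: str) -> str:
    """Percent-decode twice so that encoded and double-encoded payloads are matched in
    their decoded form; signatures are always applied to the normalised text."""
    return unquote_plus(unquote_plus(value))


def inspect_request(request: Dict) -> List[Tuple[str, str]]:
    """Return (signature id, location) for every signature that matches the request.
    Location is 'path', 'query', 'body' or 'header:<name>'."""
    targets = {
        "path": request.get("path", ""),
        "query": request.get("query", ""),
        "body": request.get("body", ""),
    }
    for name, value in request.get("headers", {}).items():
        targets[f"header:{name}"] = value
    hits: List[Tuple[str, str]] = []
    for location, raw in targets.items():
        text = normalise(raw)
        for sig in SIGNATURES:
            if sig.pattern.search(text):
                hits.append((sig.sig_id, location))
    return hits


def decide(hits: List[Tuple[str, str]], mode: str = "block", protection_level: int = 3) -> str:
    """Monitor mode only records matches; blocking mode blocks when the highest risk
    among the matches reaches the configured protection level. Returns
    'allow', 'log' or 'block'."""
    risk_by_id = {s.sig_id: s.risk for s in SIGNATURES}
    max_risk = max((risk_by_id[sig_id] for sig_id, _ in hits), default=0)
    if max_risk == 0:
        return "allow"
    if mode != "block" or max_risk < protection_level:
        return "log"
    return "block"


# Constructed sample requests (not captured traffic).
SAMPLE_REQUESTS = {
    "benign": {"method": "GET", "path": "/search", "query": "q=laptop+bags&page=2",
               "headers": {"User-Agent": "Mozilla/5.0"}, "body": ""},
    "sqli": {"method": "GET", "path": "/items", "query": "id=1%27%20OR%201%3D1",
             "headers": {}, "body": ""},
    "xss": {"method": "POST", "path": "/comment", "query": "",
            "headers": {"Content-Type": "application/x-www-form-urlencoded"},
            "body": "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E"},
}

if __name__ == "__main__":
    for label, req in SAMPLE_REQUESTS.items():
        hits = inspect_request(req)
        print(f"{label:7s} hits={hits} block-mode={decide(hits)} monitor-mode={decide(hits, mode='monitor')}")
```

The two knobs mirror what the page describes: `mode` corresponds to a vService running in monitor or blocking mode, and `protection_level` is the sensitivity a signature set can be tuned to. Lowering the level catches more but raises the chance that a legitimate value such as a form field named `onion` trips the `\bon\w+\s*=` pattern, which is why signature sensitivity is tuned per application rather than set globally.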
Interface
WAF Protection Methods
Option > 1
By following "Monitor Mode > Related vService > WAF Management > OWASP Protection Level > OWASP Rules", current signatures, their descriptions, risk levels, and protection scopes can be viewed in detail. OWASP signatures can be manually added as needed.
For a vService that is in blocking mode, these signatures are automatically activated with default settings, enabling signature-based protection. This ensures proactive defense against critical security threats based on OWASP signatures.
Option > 2
By following "Monitor Mode > Related vService > WAF Management > Checks", information on structural checks can be accessed.
Structural checks analyze specific paths within the related service using rule sets tailored for request components such as Query, Header, JSON, XML, Form, and Raw. Requests that do not comply with these rules are blocked even if no signature is triggered. Because the decision is based on the expected structure of a request rather than on known attack patterns, structural checks also provide an automatic protection mechanism against zero-day attacks for which no signature exists yet.
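A minimal positive-model check of this kind, as an added example that is not the product's implementation: for two hypothetical paths a rule set declares the allowed methods, the expected `Content-Type`, and the fields permitted in the query string and JSON body together with their types, maximum lengths and value formats. Anything outside that shape (an unexpected field, a wrong type, a repeated query parameter, a body on a path that takes none) is reported as a violation and the request is blocked, even though none of the sample requests contains a payload a signature would match. The paths, rule sets and sample requests are constructed for this example.

```python
import json
import re
from typing import Any, Dict, List
from urllib.parse import parse_qs

# Constructed rule sets for two hypothetical paths. Each describes the only request shape
# the path is expected to receive; anything else is a structural violation.
CHECKS: Dict[str, Dict[str, Any]] = {
    "/api/login": {
        "methods": {"POST"},
        "header": {"Content-Type": re.compile(r"application/json(;.*)?")},
        "query": {},                       # no query parameters are permitted here
        "json": {
            "username": {"required": True, "type": str, "max_len": 32,
                         "pattern": re.compile(r"[A-Za-z0-9_.-]+")},
            "password": {"required": True, "type": str, "max_len": 128},
            "remember": {"required": False, "type": bool},
        },
    },
    "/search": {
        "methods": {"GET"},
        "header": {},
        "query": {
            "q": {"required": True, "type": str, "max_len": 64,
                  "pattern": re.compile(r"[\w ,.-]+")},
            "page": {"required": False, "type": str, "pattern": re.compile(r"\d{1,3}")},
        },
        "json": None,                      # no request body is expected
    },
}


def check_fields(values: Dict[str, Any], rules: Dict[str, Dict[str, Any]], location: str) -> List[str]:
    """Compare one set of fields (query or JSON) against its rule set."""
    violations: List[str] = []
    for name, rule in rules.items():
        if rule.get("required") and name not in values:
            violations.append(f"{location}: missing required field '{name}'")
    for name, value in values.items():
        rule = rules.get(name)
        if rule is None:
            violations.append(f"{location}: unexpected field '{name}'")
            continue
        if not isinstance(value, rule["type"]):
            violations.append(f"{location}: field '{name}' has wrong type")
            continue
        if isinstance(value, str):
            if len(value) > rule.get("max_len", 1 << 16):
                violations.append(f"{location}: field '{name}' exceeds maximum length")
            pattern = rule.get("pattern")
            if pattern is not None and not pattern.fullmatch(value):
                violations.append(f"{location}: field '{name}' has an invalid format")
    return violations


def check_request(request: Dict[str, Any]) -> List[str]:
    """Return every structural violation; an empty list means the request fits the path's
    rules. Paths without a rule set are not structurally checked at all."""
    rules = CHECKS.get(request["path"])
    if rules is None:
        return []
    violations: List[str] = []
    if request["method"] not in rules["methods"]:
        violations.append(f"method: {request['method']} not allowed")
    headers = {k.lower(): v for k, v in request.get("headers", {}).items()}
    for name, pattern in rules["header"].items():
        value = headers.get(name.lower())
        if value is None or not pattern.fullmatch(value):
            violations.append(f"header: '{name}' missing or malformed")
    query: Dict[str, Any] = {}
    for name, values in parse_qs(request.get("query", ""), keep_blank_values=True).items():
        if len(values) > 1:                # parameter pollution: same name sent twice
            violations.append(f"query: parameter '{name}' repeated")
        query[name] = values[-1]
    violations += check_fields(query, rules["query"], "query")
    body = request.get("body", "")
    if rules["json"] is None:
        if body:
            violations.append("body: no body expected on this path")
    else:
        try:
            data = json.loads(body) if body else None
        except ValueError:
            data = None
        if not isinstance(data, dict):
            violations.append("json: body is not a JSON object")
        else:
            violations += check_fields(data, rules["json"], "json")
    return violations


def structural_decision(request: Dict[str, Any]) -> str:
    return "block" if check_request(request) else "allow"


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "login_ok": {"method": "POST", "path": "/api/login", "query": "",
                 "headers": {"Content-Type": "application/json"},
                 "body": json.dumps({"username": "alice", "password": "correct horse", "remember": True})},
    "login_bad_shape": {"method": "POST", "path": "/api/login", "query": "",
                        "headers": {"Content-Type": "application/json"},
                        "body": json.dumps({"username": ["alice"], "password": "x", "debug": True})},
    "search_ok": {"method": "GET", "path": "/search", "query": "q=running+shoes&page=2",
                  "headers": {}, "body": ""},
    "search_polluted": {"method": "GET", "path": "/search", "query": "q=shoes&q=boots&page=abc",
                        "headers": {}, "body": ""},
    "unchecked_path": {"method": "GET", "path": "/healthz", "query": "", "headers": {}, "body": ""},
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(f"{label:16s} {structural_decision(req):5s} {check_request(req)}")
```

The `login_bad_shape` request is the case the paragraph is about: it carries no SQL or script fragment that a signature would recognise, yet it is blocked because `username` is a list rather than a string and `debug` is not a field the path accepts. Such rule sets are written per path from the application's real request shape, which is why the product keeps them under the vService rather than in a global list.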
Option > 3
On the "Checks" screen, requests from clients listed under the Blacklist IP category can be directly blocked by activating the 'Blacklist Protection' feature.