Web Application Firewall (WAF)
Secure your website with Enterprise Grade Web Application Firewall (WAF)
Last updated
Was this helpful?
Secure your website with Enterprise Grade Web Application Firewall (WAF)
Last updated
Was this helpful?
Application delivery controllers(ADC) are networking appliances that manages traffic flow to servers. The function of ADC is to improve the performance, security and resiliency of applications delivered over the web. Application Delivery Controller (ADC) comprises of Server Load Balancer (SLB), Link Load Balancer (LLB), Global Server Load Balancer (GSLB), API Gateway and Web Application Firewall (WAF / WAAP) features.
Web Application Firewall (WAF/ WAAP) is a reverse proxy solution which helps to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It secure company's Web applications against application layer cyber-attacks such as SQL-Injection, Cross-Site Scripting (XSS), Session Hijacking, and OWASP top 10 vulnerability threats.
WAF works as the intermediary as well as shield between the user and the app itself, analyzing and securing all communications before they reach the app or the user. A WAF operates through a set of rules often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic.
A WAF analyzes Hypertext Transfer Protocol (HTTP) requests and applies a set of rules that define what parts of that conversation are begin and what parts are malicious. The main parts of HTTP conversations that a WAF analyzes are GET and POST requests. GET requests are used to retrieve data from the server, and POST requests are used to send data to a server to change its state.
A WAF can take two approaches to analyzing and filtering the content contained in these HTTP requests or a hybrid combination of the two:
Whitelisting: A whitelisting approach means that the WAF will deny all requests by default and allow only requests that are known to be trusted. It provides a list of what IP addresses are known to be safe.
Blacklisting: A blacklisting approach defaults to letting packets through and uses preset signatures to block malicious web traffic and protect vulnerabilities of websites or web applications.
Automated Patches
Automated patches is used to detect components and environment settings to adapt the firewall more efficiently. Endpoint WAF is something that is installed inside your application. It is more aware of the environment of your website than a cloud firewall.Haltdos WAFs have the ability to use your scan report to temporarily patch your application for immediate protection.
Data Leakage Prevention
Data Loss Prevention (DLP) is a set of technologies and business policies to make sure end-users do not send sensitive or confidential data outside the organization without proper authorization. Sensitive information might include financial records, customer data, credit card data, or other protected information.
Haltdos WAF inspects all inbound traffic for attacks and outbound traffic for sensitive data. When any sensitive or malicious data is identified, it can be blocked or masked automatically. Comprehensive traffic logging helps you identify the source of any potential leaks.
Rules with Learning
Unlike most WAFs that depend upon attack signatures (aka. rules) to detect and mitigate attacks, Haltdos WAF lookout for new vectors of attacks and continuously publishes signatures to mitigate them using a combination of Rules, Artificial Intelligence, and Threat Intelligence to provide 360 ° protection for your application. It continuously learns user and application behavior to detect anomalies and take remedial measures to block 0-day attacks.
Positive + Negative Security Model
Positive Model WAF looks to allow access to specific characters or via specific rules. This means that each rule added provides greater access and conversely having no rules in place will block everything by default. This model has the benefit of severely limiting the vectors an attacker can exploit simply because everything that is not expressly allowed is automatically blocked.
Negative Model WAF works on the premise that most attackers are using exploits that have already been uncovered. By blocking these exploits and by creating patches or updates for new vulnerabilities that occur, the client will have to do very little besides ensuring that their WAF is up to date to remain secure.
Haltdos WAF is based on a Negative Security model that protects against known attacks and a Positive Security model that only admits pre-approved traffic. Think of a negative model as a club bouncer instructed to deny admittance to guests who don’t meet the dress code. Now in the positive model, this is like the bouncer at an exclusive party only admitting people who are invited. Both negative and positive have their advantages and drawbacks but when combined together with Artificial Intelligence, Haltdos WAF provides comprehensive protection to your website.
A Server Load Balancer is a hardware or virtual software appliance that distributes the application workload across an array of servers, ensuring application availability, elastic scale-out of server resources, and supports health management of backend servers and application systems.
A Server Load Balancer acts as the “traffic cop” sitting in front of your servers and routing client requests across all servers capable of fulfilling those requests in a manner that maximizes speed and capacity utilization and ensures that no one server is overworked, which could degrade performance. If a single server goes down, the load balancer redirects traffic to the remaining online servers. When a new server is added to the server group, the load balancer automatically starts to send requests to it.
Performance and Speed: Servers, when bombarded with requests, can’t keep up. They will slow down, and that will influence loading speed and response times. A server load balancer addresses this problem directly. It lowers the stress on the servers, thereby, increasing their performance, and in turn, the speed of website.
Redundancy: Be it routine maintenance or a hardware failure, at some point, server out of action temporarily. The server load balancer will see that a server is out of action and it’ll simply redirect the traffic to the other servers.
IT Flexibility: One of the most common problems that IT staff face when it comes to websites is that they must conduct website maintenance without taking the website down. It’s a bit like fixing an engine while keeping it running. With SLB, the technicians can simply turn off one server and redirect your traffic through another server. Thus, server load balancer ensures that your website doesn’t go down during maintenance.
Scalability: When a website grows means more and more visitors start pouring in, that website becomes slower and slower. SLB makes this problem much more manageable. Whenever there’s a traffic spike, SLB will step in to manage all that extra traffic.
SSL Decryption: It allows to save computation resources of the server which can be better used elsewhere. SLB help with this as well. They decrypt the data and send it to the web server. This means that the server can simply concentrate on processing the input and sending out relevant information.
An ADC with load balancing capabilities helps IT departments ensure scalability and availability of services. Its advanced traffic management functionality can help a business steer requests more efficiently to the correct resources for each end-user. An ADC offers many other functions (for example, encryption, authentication, and web application firewalling) that can provide a single point of control for securing, managing, and monitoring the many applications and services across environments and ensuring the best end-user experience. To summarize, SLB provides the following benefits:
Reduced downtime
Scalable
Redundancy
Flexibility
Efficiency
