With the rise of web threats, any internet based Web Application needs to have a proper firewall in place to protect it from cyber-attacks. The most appropriate type of firewall in most cases is a Web Application Firewall, often referred to as a ‘WAF’.
A WAF can be network-based or cloud-based and is often deployed in front of one or more websites or applications. Running as a network appliance (virtual or physical) or a Cloud service, the WAF inspects each packet and uses a rule base to analyse Layer 7 Web Application logic and filter out potentially harmful traffic that can facilitate web exploits.
Some network based WAF options include:
- An open source WAF such as ModSecurity
- A commercial WAF such as the F5 WAF
- A Cloud vendors native WAF such as the AWS WAF or Azure WAF
Another option is a Cloud-Based WAF service to protect your web application from online threats automatically and ‘in the cloud’. There are big benefits in taking this approach which include the fact that threats are actually being stopped before they get anywhere near your Web Application as all incoming traffic goes via the Cloud-Based WAF.
In some cases you might implement both – yes both, the ultimate WAF protection some might say!
Some examples of a Cloud-Based WAF service include:
Cloudflare is a big player in this space with a large market share and enables protection against malicious attacks that aim to exploit vulnerabilities including SQLi, XSS and more, by simply turning on the OWASP Core Ruleset. To quickly protect against new and zero-day vulnerabilities you can also turn on Cloudflare’s Managed Ruleset. As the vulnerability landscape changes quickly, Managed Rulesets are updated regularly by Cloudflare to provide fast and seamless protection against the latest attack vectors.
There is also flexibility to build your own Firewall Rules with attributes including user-agent, path, country, query string, IP address, and more. Simulation mode enables you to quickly test your newly created rules before deploying it live.
To summarise, if you have a Web Application and you want to protect it from internet based threats – you need a WAF. Cloud based WAF services are great, the service provider does a lot of the heavy lifting and they are relatively simple to set up. For the ultimate protection you may want to implement both, but this depends on your Organisation and risk profile.
We hope you have enjoyed reading our first Blog of 2021! The Cyber Security Specialists team.