Web App firewalls

WAF

• It is a web application firewall to protect web applications from common web exploits.
• It works at the application layer and conducts inline inspection of all the inbound traffic
• Can detect and filter against flaws  in web application security
• Uses web ACL rules
• It defines customizable web security rules to control which traffic accesses web applications.
• Conditions are listed in rules, for specific requests
• Actions can also be triggered, if condition is fulfilled
• It helps you to identify and block common DDoS request patterns and effectively mitigate a DDoS attack.
• Can configure rules for web requests, as per conditions, to
  • allow
  • block
  • monitor (count)
• Conditions can be defined as per
  • IP addresses
  • HTTP headers
  • HTTP body
  • URI strings
  • SQL injection
  • cross-site scripting