
What Is WAF?


Web Application Firewall (WAF) is a tool used to protect web applications. WAF is deployed in front of web applications: it inspects the HTTP and HTTPS traffic between the Internet and the web applications, and identifies and blocks web attacks based on predefined protection rules. WAF can defend against many types of attacks, such as SQL injection, cross-site scripting (XSS), web shells, command/code injection, file inclusion, sensitive file access, third-party application vulnerability exploits, CC attacks, malicious crawler scanning, and cross-site request forgery (CSRF). You can use WAF to protect web servers, web applications, and sensitive data.

How WAF Works

After applying for WAF, add the website to WAF on the WAF console. Once a website is connected to WAF, all access requests for the website are forwarded to WAF first. WAF detects and filters out malicious attack traffic and forwards only normal traffic to the origin server, keeping the origin server secure, stable, and available.

Figure 1 How WAF Works


The process of forwarding traffic from WAF to origin servers is called back-to-source. WAF uses back-to-source IP addresses to send client requests to the origin server. When a website is connected to WAF, the IP addresses that clients connect to are the IP addresses of WAF, so the origin server IP address stays invisible to the client.

Figure 2 Back-to-source IP address
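The back-to-source model above only hides the origin server if the origin itself refuses traffic that did not come through WAF. The following Python example, added here and not part of the original page or the WAF product, shows the check an origin-side application would perform: accept a connection only when the peer address falls inside the WAF back-to-source ranges, and then recover the real client address from the `X-Forwarded-For` header by skipping the trusted WAF hops from the right. The two `192.0.2.0/24` and `198.51.100.0/24` ranges are constructed placeholders for the back-to-source ranges published for your region, and the sample requests are constructed as well.

```python
import ipaddress
from typing import Dict, Optional, Tuple

# Constructed placeholder ranges standing in for the WAF back-to-source
# IP ranges published for your region. Replace them with the real list.
WAF_BACK_TO_SOURCE_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("198.51.100.0/24"),
]


def is_from_waf(peer_ip: str) -> bool:
    """True if the TCP peer address belongs to a WAF back-to-source range."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    return any(addr in net for net in WAF_BACK_TO_SOURCE_RANGES)


def client_ip_from_xff(xff: str) -> Optional[str]:
    """Return the right-most X-Forwarded-For entry that is not a WAF hop.

    Each proxy appends the address it received the request from, so the
    right-most entry outside the trusted ranges is the one added by WAF
    and therefore the real client. Returns None if no entry is a valid,
    non-WAF address (a malformed header must not yield a spoofed client).
    """
    for hop in reversed([h.strip() for h in xff.split(",")]):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None
        if not any(addr in net for net in WAF_BACK_TO_SOURCE_RANGES):
            return str(addr)
    return None


def evaluate_request(peer_ip: str, headers: Dict[str, str]) -> Tuple[bool, str, Optional[str]]:
    """Decide whether the origin should serve this request.

    Returns (accept, reason, client_ip). Direct-to-origin connections are
    rejected so that an attacker who discovers the origin IP cannot bypass
    the WAF rules by talking to the origin directly.
    """
    if not is_from_waf(peer_ip):
        return False, "direct-to-origin", None
    lowered = {k.lower(): v for k, v in headers.items()}
    xff = lowered.get("x-forwarded-for")
    if not xff:
        # WAF always sets the header; its absence means a broken or spoofed hop.
        return False, "missing-xff", None
    client_ip = client_ip_from_xff(xff)
    if client_ip is None:
        return False, "bad-xff", None
    return True, "ok", client_ip


if __name__ == "__main__":
    # Constructed sample connections: one bypass attempt, two legitimate WAF hops.
    samples = [
        ("203.0.113.7", {}),
        ("192.0.2.10", {"X-Forwarded-For": "203.0.113.7"}),
        ("198.51.100.5", {"X-Forwarded-For": "203.0.113.7, 192.0.2.10"}),
        ("192.0.2.10", {"X-Forwarded-For": "not-an-ip"}),
    ]
    for peer, hdrs in samples:
        print(peer, hdrs, "->", evaluate_request(peer, hdrs))
```

Enforcing the same allowlist in the origin's security group or firewall is the stronger control, since it blocks the bypass before the application sees the packet; the application-level check is the defence-in-depth layer that also gives you the logged client address for incident response.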


What WAF Protects

WAF offers cloud mode and dedicated mode to protect websites. You can add either domain names or IP addresses to WAF. Before you start, get familiar with the following differences:

  • Cloud mode: protects your cloud and on-premises web applications as long as they have domain names.
  • Dedicated mode: protects your cloud web applications as long as they have domain names or IP addresses (public or private IP addresses).