A web application firewall (WAF) filters, monitors, and blocks HTTP traffic to and from a web application. A WAF differs from a conventional firewall in that it inspects the content of requests to specific web applications, whereas a conventional firewall acts as a safety gate between servers. By inspecting HTTP traffic, a WAF can prevent attacks that exploit web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
The Basic Web Application Firewall includes the following:
- SQL injection protection.
- Cross-site scripting protection.
- Remote and local file injection/inclusion attack protection.
- Command injection protection.
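To make concrete what "inspecting HTTP traffic" means, and how the four Basic protections listed above differ from address-and-port filtering, here is a small added example. It is written for this page and is not the product's rule set or code. It models a request as method, target, headers and body, URL-decodes each inspected field (up to two layers, so a double-encoded payload is seen in decoded form), and runs a handful of constructed signature rules; rule IDs, patterns, and the sample requests are all assumptions chosen for illustration.

```python
"""Minimal WAF-style HTTP request inspector (illustrative; not the product's rules)."""
import re
from dataclasses import dataclass
from typing import Iterator, Optional, Tuple
from urllib.parse import parse_qsl, unquote, urlsplit

# Each rule: (rule id, category, compiled pattern). The signatures are
# deliberately small and constructed for this example; a real rule set is
# far larger and scopes each rule to the request locations where it applies.
RULES = [
    ("sqli-1", "SQL injection",
     re.compile(r"(?i)(\bunion\b\s+\bselect\b|'\s*or\s+\d+\s*=\s*\d+|--\s*$|;\s*drop\s+table)")),
    ("xss-1", "Cross-site scripting",
     re.compile(r"(?i)(<\s*script\b|javascript\s*:|\bon\w+\s*=)")),
    ("lfi-1", "Local file inclusion",
     re.compile(r"(\.\./|\.\.\\|/etc/passwd|/proc/self/)")),
    ("rfi-1", "Remote file inclusion",
     re.compile(r"(?i)^\s*(https?|ftp|php|data):")),  # a parameter whose value is a URL
    ("cmdi-1", "Command injection",
     re.compile(r"(;|\||&&|`|\$\()\s*(cat|ls|id|whoami|wget|curl|nc|sh|bash)\b")),
]


def normalize(value: str, rounds: int = 2) -> str:
    """Undo up to `rounds` layers of percent-encoding so a double-encoded
    payload (e.g. %2527 -> %27 -> ') is matched in its decoded form, then
    collapse whitespace so line breaks cannot split a signature."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return " ".join(value.split())


@dataclass
class Request:
    method: str
    target: str            # path plus query string, as in the request line
    headers: dict
    body: str = ""


@dataclass
class Decision:
    blocked: bool
    rule_id: Optional[str] = None
    location: Optional[str] = None
    category: Optional[str] = None


def extract_fields(req: Request) -> Iterator[Tuple[str, str]]:
    """Yield (location, value) pairs a content-aware WAF inspects: the path,
    each query parameter, selected headers, and each form-body parameter."""
    parts = urlsplit(req.target)
    yield "path", unquote(parts.path)
    for k, v in parse_qsl(parts.query, keep_blank_values=True):
        yield f"query:{k}", v
    for h in ("User-Agent", "Cookie"):      # Referer is a URL; rfi-1 would false-positive on it
        if h in req.headers:
            yield f"header:{h}", req.headers[h]
    ctype = req.headers.get("Content-Type", "")
    if req.method in ("POST", "PUT") and req.body:
        if ctype.startswith("application/x-www-form-urlencoded"):
            for k, v in parse_qsl(req.body, keep_blank_values=True):
                yield f"body:{k}", v
        else:
            yield "body", req.body


def inspect(req: Request) -> Decision:
    """Return the first matching rule (and where it matched), or an allow decision."""
    for location, raw in extract_fields(req):
        value = normalize(raw)
        for rule_id, category, pattern in RULES:
            if pattern.search(value):
                return Decision(True, rule_id, location, category)
    return Decision(False)


# Constructed sample requests (not captured traffic). 203.0.113.5 is a documentation address.
SAMPLES = {
    "benign": Request("GET", "/search?q=blue+shoes&page=2", {"User-Agent": "Mozilla/5.0"}),
    "sqli": Request("GET", "/item?id=1%27%20OR%201%3D1--", {}),
    "xss_double_encoded": Request("GET", "/comment?text=%253Cscript%253Ealert(1)%253C/script%253E", {}),
    "lfi": Request("GET", "/view?file=../../../../etc/passwd", {}),
    "rfi": Request("GET", "/include?page=http://203.0.113.5/x.txt", {}),
    "cmdi_post": Request("POST", "/ping", {"Content-Type": "application/x-www-form-urlencoded"},
                         body="host=127.0.0.1%3B+id"),
}

if __name__ == "__main__":
    for name, req in SAMPLES.items():
        print(f"{name:20s} -> {inspect(req)}")
```

The point the example makes is that every decision depends on parsed, decoded request content (a parameter value, a form field, a header), which is information a packet-level firewall never sees. It also shows why anti-evasion normalization and per-location scoping matter: without the second decoding round the double-encoded XSS sample passes, and applying the RFI rule to a header that legitimately carries a URL would produce false positives.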
The Enhanced Web Application Firewall includes the following:
- Basic Web Application Firewall.
- Denial of Service protection.
- Real-time blacklists (supports third-party blacklists such as Spamhaus).
- Advanced anti-evasion protection (prevents attempts to bypass the WAF).
- Threat Intelligence protection (based on real-time attack intelligence reported by other customers, which is then made available in real time to everyone using the complete rules. This means that if customer A is attacked by a system, everyone blocks that attacker in real time.)
- Automatic secure whitelisting of search engines (no false positives with search engines: they are automatically detected and whitelisted in a way that prevents spoofing. This also protects the site's page rank.)
- Malicious bot protection.
- Automatic removal of malicious code from websites (if a website is compromised, the complete rules remove the malicious code from the website in real time, without touching any code on the system. This ensures there is no risk to the customer's websites while removing anything malicious from them. This means the rules can be used on a system that has already been compromised, eliminating the effects of the web application's compromise without having to do anything other than install the rules.)
- Advanced protection rules for SQL injection, XSS, CSRF, RFI, LFI.
- Advanced protection for WordPress, Joomla, Drupal, Magento, and other popular web applications.
- Brute force protection (Detects and blocks web authentication brute force attacks, without relying on either status codes or logs).
- Anti-spam protection (Blocks web spam).
- Data loss protection rules (Protection from credit card theft, sensitive data, error messages that show sensitive data).
- PCI-DSS compliance (Meets PCI-DSS WAF compliance requirements).
- Malware protection.
- Web shell protection (detects and blocks web shells and other malicious code from running).
- Advanced false positive prevention (the complete rules contain additional advanced code to prevent false positives).
- Real-time support (false positives are resolved within minutes or hours, although they are very rare with the complete rules).
- Updates multiple times daily.