IPFYI
🔒 Network Security 7 Min. Lesezeit

Web Application Firewalls (WAF) Explained

How WAFs protect web applications from OWASP top 10 attacks and when to deploy them.

What Is a WAF?

A Web Application Firewall (WAF) inspects HTTP/HTTPS traffic between clients and web applications. Unlike traditional network firewalls that operate at layers 3-4, WAFs understand application-layer (layer 7) protocols and can detect attacks hidden in legitimate-looking requests.

WAFs protect against the OWASP Top 10 vulnerabilities including SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and more.

How WAFs Work

WAFs use several detection methods:

  • Signature-based — Matches requests against known attack patterns (like antivirus signatures)
  • Anomaly-based — Builds a baseline of normal traffic and flags deviations
  • Machine learning — Trained models detect sophisticated attacks that bypass static rules
  • Positive security model — Only allows requests matching a defined schema, blocking everything else

Deployment Models

Model Example Pros Cons
Cloud WAF Cloudflare, AWS WAF Easy setup, DDoS protection Latency, vendor lock-in
Reverse proxy ModSecurity + Nginx Full control, no data sharing Maintenance burden
Inline appliance F5, Imperva High throughput Expensive, complex

When to Use a WAF

Every public-facing web application benefits from a WAF. However, a WAF is not a substitute for secure coding practices. It is a defense-in-depth layer that catches attacks that slip past input validation, parameterized queries, and other application-level defenses.

Start with a cloud WAF in detection-only mode, review the logs, and gradually enable blocking rules to avoid false positives.

Siehe auch

SSL/TLS Certificate Glossar DDoS Glossar DNS Spoofing Glossar Encryption Glossar Firewall Glossar HTTPS Glossar Intrusion Detection System (IDS) Glossar Man-in-the-Middle Attack Glossar SSL vs TLS Vergleichen SFTP vs FTPS Vergleichen SSH vs Telnet Vergleichen IDS vs IPS Vergleichen