Overview
Web Application Firewall (WAF)
Access Control
The WAF has access control rules. These act as the gatekeeper: they look at the context of the request (who sent it, where it came from, and how it was made).
A rule can be conditioned on:
- Path: the URL location, e.g. www.example.com/admin
- Request cookies: cookies carried inside the request
- Request headers: a valid User-Agent, or a security header such as X-App-Token
- URL query: the parameters in the URL string, e.g. ?id=1&something=2
- Country/Region: determined from the IP address
- Source IP address
- Host: the requested hostname, if the load balancer handles multiple hosts
- Request method: the HTTP method of the request
Common Use Cases:
- Geo-Blocking (location-based)
- IP Whitelisting/Blacklisting
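The access-control conditions listed above, worked through as a small rule evaluator. This is an added example, not the configuration format or code of any particular WAF product; the geo table, network ranges, rule names and the X-App-Token header check are constructed for illustration. It shows the two use cases above (geo-blocking and IP allowlisting) as ordered rules where the first match wins and the default is to allow:

```python
"""Toy WAF access-control evaluator (added example, not vendor code).

A rule is a set of conditions on the request context (path, cookie, header,
query, country, source IP, host, method). A rule fires only when ALL of its
conditions match; rules are evaluated in order and the first match decides.
"""
import ipaddress
from urllib.parse import urlsplit, parse_qs

# Constructed geo table: network -> country code. A real WAF uses a GeoIP database.
GEO_TABLE = {
    ipaddress.ip_network("203.0.113.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "DE",
}


def country_for(ip):
    """Look up the country of a source IP; 'ZZ' when unknown."""
    addr = ipaddress.ip_address(ip)
    for net, cc in GEO_TABLE.items():
        if addr in net:
            return cc
    return "ZZ"


def parse_request(method, url, headers, source_ip):
    """Build the request context a rule is matched against."""
    parts = urlsplit(url)
    cookies = {}
    for piece in headers.get("Cookie", "").split(";"):
        if "=" in piece:
            name, value = piece.strip().split("=", 1)
            cookies[name] = value
    return {
        "method": method.upper(),
        "host": parts.hostname,
        "path": parts.path,
        "query": {k: v[0] for k, v in parse_qs(parts.query).items()},
        "headers": headers,
        "cookies": cookies,
        "source_ip": source_ip,
        "country": country_for(source_ip),
    }


def condition_matches(req, field, expected):
    """Evaluate one condition of a rule against the request context."""
    if field == "path_prefix":
        return req["path"].startswith(expected)
    if field == "method":
        return req["method"] in expected
    if field == "host":
        return req["host"] == expected
    if field == "country":
        return req["country"] in expected
    if field == "source_ip":  # expected = list of CIDR ranges
        addr = ipaddress.ip_address(req["source_ip"])
        return any(addr in ipaddress.ip_network(net) for net in expected)
    if field == "header":  # expected = (name, value); value None means "present"
        name, value = expected
        present = req["headers"].get(name)
        return present is not None and (value is None or present == value)
    if field == "cookie":
        name, value = expected
        return req["cookies"].get(name) == value
    if field == "query":
        name, value = expected
        return req["query"].get(name) == value
    raise ValueError(f"unknown condition field: {field}")


# Constructed rule set: block one region, allowlist /admin for one network that
# also carries the (hypothetical) X-App-Token header, deny /admin to everyone else.
RULES = [
    {"name": "geo-block", "action": "block", "when": {"country": {"DE"}}},
    {"name": "admin-allowlist", "action": "allow",
     "when": {"path_prefix": "/admin", "source_ip": ["203.0.113.0/24"],
              "header": ("X-App-Token", None)}},
    {"name": "admin-default-deny", "action": "block", "when": {"path_prefix": "/admin"}},
]


def evaluate(req, rules=RULES):
    """Return (action, rule_name). First matching rule wins; default is allow."""
    for rule in rules:
        if all(condition_matches(req, f, v) for f, v in rule["when"].items()):
            return rule["action"], rule["name"]
    return "allow", "default"


if __name__ == "__main__":
    req = parse_request("GET", "http://www.example.com/admin",
                        {"X-App-Token": "abc"}, "203.0.113.5")
    print(evaluate(req))
```

Rule order matters: putting the geo-block first means a request from a blocked region never reaches the admin allowlist, and the trailing default-deny for /admin is what turns the allowlist into an actual restriction rather than a no-op.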
Protection Control
Common Use Cases:
- SQL Injection Protection: Scans the request body, headers, and URL for injection attempts
- Cross-Site Scripting (XSS) Protection: Blocks malicious scripts embedded in URLs
- Local/Remote File Inclusion: Prevents attacks that load sensitive local files or execute remote code
- Command Injection: Guards against OS-level commands in web requests
- Protocol Violation: Blocks malformed packets
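The protection-control stage, as an added example of the detection side of the list above (not any vendor's rule set). It scans the URL, headers and body with one signature per category, decoding URL-encoding first, and adds a few cheap protocol sanity checks. The signatures and the sample request are constructed for illustration and are deliberately small; production rule sets are far larger and are tuned against false positives:

```python
"""Toy WAF protection-control scanner (added example, not vendor code)."""
import re
from urllib.parse import unquote_plus

# One constructed signature per protection category; real rule sets have hundreds.
SIGNATURES = {
    "sqli": re.compile(r"(\bunion\b\s+(all\s+)?\bselect\b|'\s*or\s+1\s*=\s*1|--\s|;\s*drop\b)", re.I),
    "xss": re.compile(r"(<\s*script\b|javascript\s*:|\bon\w+\s*=)", re.I),
    "lfi_rfi": re.compile(r"(\.\./|/etc/passwd|https?://[^\s]+\.(php|sh)\b)", re.I),
    "cmdi": re.compile(r"(;|\||&&|`|\$\()\s*(cat|ls|id|whoami|wget|curl)\b", re.I),
}

ALLOWED_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE", "PATCH", "OPTIONS"}


def normalize(value):
    """URL-decode repeatedly so double-encoded input is inspected in its decoded form."""
    prev = None
    for _ in range(3):
        if value == prev:
            break
        prev, value = value, unquote_plus(value)
    return value


def scan_request(url, headers, body):
    """Run every signature over every inspected location; return the findings."""
    findings = []
    locations = {"url": url, "body": body}
    locations.update({f"header:{name}": value for name, value in headers.items()})
    for location, raw in locations.items():
        text = normalize(raw)
        for category, pattern in SIGNATURES.items():
            match = pattern.search(text)
            if match:
                findings.append({"category": category, "location": location,
                                 "match": match.group(0)})
    return findings


def protocol_violations(method, headers, body):
    """Cheap protocol checks a WAF applies before signature scanning."""
    problems = []
    if method not in ALLOWED_METHODS:
        problems.append("unknown method")
    if method == "GET" and body:
        problems.append("body on GET")
    length = headers.get("Content-Length")
    if body and length is not None:
        if not length.isdigit() or int(length) != len(body):
            problems.append("content-length mismatch")
    return problems


def decide(method, url, headers, body):
    """Block on any protocol violation or signature hit, otherwise allow."""
    if protocol_violations(method, headers, body) or scan_request(url, headers, body):
        return "block"
    return "allow"


if __name__ == "__main__":
    # Constructed sample request carrying an encoded SQLi probe in the URL and a script in the body.
    sample_url = "http://www.example.com/search?q=%27%20OR%201%3D1"
    sample_headers = {"User-Agent": "Mozilla/5.0", "Content-Length": "25"}
    sample_body = "<script>alert(1)</script>"
    print(scan_request(sample_url, sample_headers, sample_body))
    print(decide("POST", sample_url, sample_headers, sample_body))
```

The decode step is the part worth noticing: matching the raw `%27%20OR%201%3D1` string would miss the payload, so the scanner normalizes before matching. The flip side is that loose signatures such as `on\w+=` also match harmless input, which is why a deployed WAF is usually run in a log-only mode first and its rules tuned per application.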