Updated on 2024-01-31 GMT+08:00

What Is Web Application Firewall?

Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

How WAF Works (Cloud - CNAME and Dedicated Access)

After a website is connected to cloud WAF through a CNAME record, all website access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic, and forwards normal traffic to the origin server so that the origin server stays secure, stable, and available.

Figure 1 How WAF works for CNAME or dedicated access

The process of forwarding traffic from WAF to origin servers is called back-to-source. WAF uses back-to-source IP addresses to send client requests to the origin server. When a website is connected to WAF, the destination IP addresses that clients see are the IP addresses of WAF, so the origin server IP address is invisible to the client.

Figure 2 Back-to-source IP address
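
A check that follows from the back-to-source behaviour described above, as an added example that is not part of the original page or the vendor's own code: because WAF sends client requests to the origin from back-to-source IP addresses, an origin log entry whose peer address lies outside those ranges did not pass through WAF. The IP ranges, the log format, and the function names are assumptions constructed for this example.

```python
import ipaddress

# Placeholder back-to-source ranges (RFC 5737 documentation blocks), constructed
# for this example. Replace them with the ranges listed for your WAF instance.
WAF_BACK_TO_SOURCE = [
    ipaddress.ip_network("198.51.100.0/24"),
    ipaddress.ip_network("203.0.113.0/25"),
]

# Constructed origin access-log lines: "<peer_ip> <method> <path> <status>".
SAMPLE_LOG = """\
198.51.100.17 GET /index.html 200
203.0.113.40 POST /login 302
203.0.113.200 GET /admin 200
192.0.2.55 GET /index.html 200
not-an-ip GET / 400
"""


def is_back_to_source(peer, networks=WAF_BACK_TO_SOURCE):
    """True if the TCP peer address belongs to a WAF back-to-source range."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False  # unparsable peer: treat as not coming from WAF
    return any(addr in net for net in networks)


def find_direct_hits(log_text, networks=WAF_BACK_TO_SOURCE):
    """Return (line_no, peer, request) for requests that did not arrive via WAF."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        fields = line.split()
        if len(fields) < 3:
            continue  # skip blank or truncated lines
        peer, method, path = fields[0], fields[1], fields[2]
        if not is_back_to_source(peer, networks):
            hits.append((line_no, peer, f"{method} {path}"))
    return hits


if __name__ == "__main__":
    for line_no, peer, request in find_direct_hits(SAMPLE_LOG):
        print(f"line {line_no}: {peer} reached the origin directly: {request}")
```

The peer address must be the TCP source address recorded by the origin, not a client-supplied header, since only the former identifies the hop that delivered the request.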

How WAF Works (Cloud - ELB Access)

Cloud WAF provides an ELB access method.

  • In this method, WAF is integrated into the gateway of an ELB load balancer through an SDK module. WAF extracts traffic through the SDK module embedded in the gateway for inspection.
  • WAF synchronizes the inspection result to the load balancer, and the load balancer determines whether to forward client requests to the origin server based on the inspection result.
  • In this method, WAF does not forward traffic. This reduces compatibility and stability problems.

Figure 3 How WAF in ELB access mode works

What WAF Protects

When adding a website to WAF, you can select Cloud - CNAME, Cloud - Load balancer, or Dedicated for Protection. Before you start, get familiar with the following differences:
  • Cloud - CNAME: protects your web applications that have domain names and are deployed on any cloud or in on-premises data centers.
  • Cloud - Load balancer: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses.
  • Dedicated: protects your web applications that are deployed on Huawei Cloud and accessible over domain names or IP addresses.