Help Center/ Web Application Firewall/ User Guide (Paris) / Introduction/ Web Application Firewall
Updated on 2024-03-14 GMT+08:00
View PDF
Share

Web Application Firewall

Web Application Firewall (WAF) keeps web services stable and secure. It examines all HTTP and HTTPS requests to detect and block the following attacks: Structured Query Language (SQL) injection, cross-site scripting (XSS), web shells, command and code injections, file inclusion, sensitive file access, third-party vulnerability exploits, Challenge Collapsar (CC) attacks, malicious crawlers, and cross-site request forgery (CSRF).

How WAF Works

After enabling WAF, add the website to WAF on the WAF console. After a website is connected to WAF, all website access requests are forwarded to WAF first. WAF detects and filters out malicious attack traffic, and returns normal traffic to the origin server to ensure that the origin server is secure, stable, and available.

Figure 1 How WAF works for CNAME or dedicated access

The process of forwarding traffic from WAF to origin servers is called back-to-source. WAF uses back-to-source IP addresses to send client requests to the origin server. When a website is connected to WAF, the destination IP addresses to the client are the IP addresses of WAF, so that the origin server IP address is invisible to the client.

Figure 2 Back-to-source IP address

Protection object

WAF offers the cloud and dedicated modes to protect websites. You can add either domain names or IP addresses to WAF. Before you start, get familiar with the following differences:
  • Cloud mode: protects your cloud and on-premises web applications as long as they have domain names.
  • Dedicated mode: protects your cloud web applications as long as they have domain names or IP addresses.
Parent topic: Introduction