A web application firewall (WAF) protects applications against sophisticated Layer 7 attacks that might otherwise lead to loss of sensitive data, system hijacking by attackers, and downtime.
A WAF protects applications by actively monitoring and filtering traffic. It looks for common attack types such as SQL injection, cross‑site scripting (XSS), file inclusions, and other types of active intrusion. It is like a shield sitting right in front of your web server to keep out potentially harmful attacks.
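The monitor-and-filter step described above, as an added Python example that is not code from NGINX, ModSecurity, or this page. The three patterns, the `normalize` and `inspect` helpers, and the sample requests are constructed assumptions; the example goes slightly beyond the text by decoding percent-encoded input before matching, so double-encoded values are inspected in decoded form.

```python
import re
from urllib.parse import unquote_plus, urlsplit, parse_qsl

# Constructed signatures (assumption): one small pattern per attack class
# named in the text. They are not taken from any real WAF ruleset.
RULES = {
    "sqli": re.compile(r"(\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+|'\s*(--|#))", re.I),
    "xss": re.compile(r"(<\s*script\b|\bon\w+\s*=|javascript\s*:)", re.I),
    "file_inclusion": re.compile(r"(\.\./|\.\.\\|^(https?|ftp|php|file)://)", re.I),
}

def normalize(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is matched decoded."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def inspect(method, url, body=""):
    """Return (verdict, findings); findings are (rule, parameter) pairs."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    if method.upper() == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    findings = []
    for name, raw in params:
        value = normalize(raw)  # parse_qsl has already decoded once
        for rule, pattern in RULES.items():
            if pattern.search(value):
                findings.append((rule, name))
    return ("block" if findings else "allow"), findings

# Constructed sample requests (not captured traffic).
SAMPLES = [
    ("GET", "/products?id=42&sort=price", ""),
    ("GET", "/products?id=1%20OR%201%3D1", ""),
    ("GET", "/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E", ""),
    ("GET", "/view?page=..%2F..%2Fetc%2Fpasswd", ""),
    ("POST", "/comment", "text=O%27Reilly+books"),
]

if __name__ == "__main__":
    for method, url, body in SAMPLES:
        verdict, findings = inspect(method, url, body)
        print(f"{verdict:5} {method:4} {url} {findings}")
```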
Different Types of WAFs
- ModSecurity (host‑based) – The NGINX ModSecurity WAF is based on the widely used ModSecurity open source software. For more information, see NGINX ModSecurity WAF and The NGINX ModSecurity WAF Joins the Google Cloud Security Partner Ecosystem.
- DevOps (host‑based) – F5 has created a modern WAF application that also works with NGINX Plus and other servers. For details, see NGINX App Protect.
- Hardware – A physical product installed by your IT department that has low latency but higher cost.
- Cloud – Typically provided by a third party and therefore not preferred for application protection due to the lack of controls and access.