Web application firewall

from Wikipedia, the free encyclopedia

A web application firewall (WAF), also called a web shield, is a filtering component intended to protect web applications against attacks carried over the Hypertext Transfer Protocol (HTTP). It is thus a special case of an application-level firewall (ALF) or application-level gateway (ALG).

Unlike classic packet-filtering firewalls and network intrusion detection systems (IDS), a WAF inspects the communication at the application layer, that is, the HTTP requests and responses themselves. This normally requires no changes to the web application being protected.

Protection

Attacks against which a WAF is supposed to offer protection:

Functionality

The WAF examines all incoming requests and the responses from the web server; requests with suspicious content are blocked. To classify dangerous or prohibited actions, an application security scanner is often used in a preceding learning phase. It analyses the application, often interactively with a user, and derives from this a profile of permissible actions. Alternatively, a crawler or application security scanner visits the pages of the web application and tries out the fields of each form. In that case the WAF runs in a passive mode: allowed and disallowed inputs are only recorded in a log file. The administrator uses the log to see which actions would be blocked in enforcing mode and, where necessary, selectively permits them by adding specific rules. The exact procedure differs from vendor to vendor.

For example, if a form examined during the learning phase has two parameters, the WAF can block every request to it that carries three or more. The length and content of each parameter can also be checked. Simply by specifying general rules about the nature of the parameters, e.g. the maximum length and the permitted range of values, many attacks can be prevented or at least made harder for the attacker.
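The learned-profile check described above, as an added example that is not part of the article and not the code of any WAF product: a profile for a two-parameter login form (the parameter names, length limits, patterns and all sample requests are constructed here), applied in passive (log-only) mode and in enforcing mode.

```python
"""Positive-security (allow-list) request validation from a learned form profile.

Added illustration, not code from the article or from a real WAF. A FormProfile
models what the learning phase recorded for one form: which parameters exist
and what shape their values may have. Every name and request below is made up.
"""
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs


@dataclass
class ParamRule:
    max_len: int            # maximum accepted length of the decoded value
    pattern: re.Pattern     # allowed value shape, matched against the whole value


@dataclass
class FormProfile:
    """Learned profile of one form: parameter name -> rule."""
    params: dict


@dataclass
class Waf:
    profiles: dict                       # request path -> FormProfile
    enforce: bool = False                # False = passive mode: log, never block
    log: list = field(default_factory=list)

    def check(self, path: str, query: str) -> list:
        """Return the violations for one request (empty list = conforms to profile)."""
        profile = self.profiles.get(path)
        if profile is None:
            return [f"no profile for {path}"]
        violations = []
        fields = parse_qs(query, keep_blank_values=True)
        # Only learned parameters may appear: a third parameter on a
        # two-parameter form is a violation, as the text describes.
        unknown = set(fields) - set(profile.params)
        if unknown:
            violations.append(f"unexpected parameters: {sorted(unknown)}")
        for name, rule in profile.params.items():
            for value in fields.get(name, []):
                if len(value) > rule.max_len:
                    violations.append(f"{name}: length {len(value)} > {rule.max_len}")
                elif not rule.pattern.fullmatch(value):
                    violations.append(f"{name}: value {value!r} outside allowed range")
        return violations

    def handle(self, path: str, query: str) -> bool:
        """True if the request is passed on to the application.

        Passive mode logs what *would* be blocked and lets everything through;
        enforcing mode blocks any request with a violation.
        """
        violations = self.check(path, query)
        if not violations:
            return True
        action = "BLOCK" if self.enforce else "WOULD-BLOCK"
        self.log.append(f"{action} {path}?{query}: {'; '.join(violations)}")
        return not self.enforce


# Constructed profile: the login form was observed with exactly two parameters.
LOGIN_PROFILE = FormProfile(params={
    "user": ParamRule(max_len=32, pattern=re.compile(r"[A-Za-z0-9_.-]+")),
    "pin":  ParamRule(max_len=6,  pattern=re.compile(r"[0-9]{4,6}")),
})

# Constructed sample requests: one legitimate, three outside the profile.
SAMPLE_REQUESTS = [
    ("/login", "user=alice&pin=1234"),
    ("/login", "user=alice&pin=1234&debug=1"),          # third parameter
    ("/login", "user=" + "A" * 40 + "&pin=1234"),       # over-long value
    ("/login", "user=alice&pin=1234'%20OR%20'1'='1"),   # value outside allowed range
]


def run(enforce: bool) -> list:
    """Feed the samples through a WAF in the given mode; return the per-request decisions."""
    waf = Waf(profiles={"/login": LOGIN_PROFILE}, enforce=enforce)
    return [waf.handle(path, query) for path, query in SAMPLE_REQUESTS]


if __name__ == "__main__":
    print("passive  :", run(enforce=False))   # [True, True, True, True], violations only logged
    print("enforcing:", run(enforce=True))    # [True, False, False, False]
```

Switching `enforce` from `False` to `True` is the step the text describes: first review the `WOULD-BLOCK` log entries from passive operation, widen a rule where a legitimate input was flagged, then turn enforcement on.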

Types

A distinction is made between the following types based on their position in the network and server topology:

  • Reverse proxy
  • Appliance
  • Integrated directly into the web server (e.g. Hiawatha)
  • Plug-in for the web server
  • Passive device (IDS mode)

Because of its central position, a WAF is, much like a network firewall, well placed to examine every request to an application and to correct or reject it where necessary.

Advantages

  • Multiple layers of protection (in addition to the filters already present in the application)
  • A security gap can be closed for several applications behind the WAF at the same time
  • Protection of applications that can no longer be updated (legacy systems)
  • Vulnerable third-party applications can be protected until their vendor ships a fix

Disadvantages

  • Security gaps can, under certain circumstances, still be exploited by circumventing the WAF
  • Differences between how the WAF and the backend process requests make new attacks possible (e.g. HTTP request smuggling)
  • Operation is disrupted by filters that are too restrictive or incorrectly configured
  • Applications that use active content on the client side (e.g. JavaScript) are poorly supported or require considerable configuration effort
  • Using a WAF can lead to carelessness in developing the application, yet a WAF is no substitute for a securely built application
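The request-smuggling point from the list above, as an added illustration that is not part of the article and models no particular product: two deliberately simplified HTTP/1.1 request splitters process the same constructed byte stream, one framing the body by Content-Length (the front end, i.e. the WAF) and the other by Transfer-Encoding: chunked (the back end). The paths, host name and the stream itself are made up; is_ambiguous() is the check a front end should apply.

```python
"""Parsing discrepancy behind HTTP request smuggling (added example, not from the article).

parse_content_length() splits a byte stream into requests the way a front end
that trusts Content-Length would; parse_chunked() does it the way a back end
that honours Transfer-Encoding: chunked would. On the constructed stream below
the WAF sees one request while the server sees two, and the second request
was never inspected. Simplified for illustration; not production parsing code.
"""


def _split_head(data: bytes):
    """Return (header lines, offset of the body) for the request at the start of data."""
    end = data.index(b"\r\n\r\n")
    return data[:end].split(b"\r\n"), end + 4


def _headers(lines) -> dict:
    """Lower-cased header name -> value, from the lines after the request line."""
    hdrs = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        hdrs[name.strip().lower()] = value.strip()
    return hdrs


def parse_content_length(data: bytes) -> list:
    """Front-end (WAF) view: the body is exactly Content-Length bytes long."""
    request_lines = []
    while data:
        lines, body_start = _split_head(data)
        request_lines.append(lines[0])
        length = int(_headers(lines).get(b"content-length", b"0"))
        data = data[body_start + length:]
    return request_lines


def parse_chunked(data: bytes) -> list:
    """Back-end (server) view: a chunked body ends at the zero-length chunk."""
    request_lines = []
    while data:
        lines, pos = _split_head(data)
        request_lines.append(lines[0])
        hdrs = _headers(lines)
        if hdrs.get(b"transfer-encoding", b"").lower() == b"chunked":
            while True:
                size_end = data.index(b"\r\n", pos)
                size = int(data[pos:size_end], 16)
                pos = size_end + 2 + size + 2   # size line, chunk data, trailing CRLF
                if size == 0:
                    break
        else:
            pos += int(hdrs.get(b"content-length", b"0"))
        data = data[pos:]
    return request_lines


def is_ambiguous(data: bytes) -> bool:
    """Check a front end should apply: a request carrying both framing headers can be
    read two ways, and RFC 7230 notes that such a message may be a smuggling attempt."""
    hdrs = _headers(_split_head(data)[0])
    return b"content-length" in hdrs and b"transfer-encoding" in hdrs


# Constructed attacker stream. Content-Length covers the whole remainder, so the
# WAF forwards everything as the body of one POST; the chunked body ends after
# "0\r\n\r\n", so the server then reads a second, uninspected request.
SMUGGLED_BODY = b"0\r\n\r\n" + b"GET /admin HTTP/1.1\r\nHost: app.example\r\n\r\n"
SMUGGLED = (
    b"POST /search HTTP/1.1\r\n"
    b"Host: app.example\r\n"
    b"Content-Length: " + str(len(SMUGGLED_BODY)).encode() + b"\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n" + SMUGGLED_BODY
)

# Constructed ordinary request: both parsers agree on it.
BENIGN = b"GET /search?q=waf HTTP/1.1\r\nHost: app.example\r\n\r\n"


if __name__ == "__main__":
    print("WAF sees   :", parse_content_length(SMUGGLED))   # one request
    print("server sees:", parse_chunked(SMUGGLED))          # two requests
    print("ambiguous  :", is_ambiguous(SMUGGLED), "/ benign:", is_ambiguous(BENIGN))
```

The practical lesson is the one the list item makes: the WAF only protects what it parses the same way the backend does, so a front end should reject or normalise ambiguously framed requests rather than forward them.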
