A Web Application Firewall (WAF) acts as a protective layer between the web application and the Internet. It filters and monitors traffic to protect the web application from certain attacks such as XSS (cross-site scripting), DDoS (Distributed Denial of Service) and SQL injection. Unlike traditional edge firewalls, which work at the network layer, a WAF works at the application layer. A WAF was needed because traditional firewalls were unable to block HTTP traffic, since different web applications share the same port numbers (80 or 443).

Diagrammatic Representation (Example Scenario):

Description: When the client tries to access the web application (say www.test.com), the request is filtered through the WAF running on Ubuntu, which filters the traffic and also gives the client the illusion that the web application is hosted on an Ubuntu server. Hence, the IP address of the web application server (Windows 7) is not revealed. We can say that the WAF acts as a prox...
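The difference between port-based filtering and application-layer inspection described above, as an added example that is not code from the original article. The signature set, function names and sample requests are constructed for illustration; a production WAF uses a much larger rule set, and volumetric DDoS handling is not covered here.

```python
import re
from urllib.parse import unquote_plus, urlsplit

# Constructed, deliberately small signature set (assumption, not a real rule set).
SIGNATURES = {
    "xss": re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.I),
    "sqli": re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+", re.I),
}

def network_firewall_allows(dst_port):
    """Edge firewall rule: decides on the port only, never reads the payload."""
    return dst_port in (80, 443)

def waf_inspect(raw_request):
    """Application-layer check: return (verdict, matched_rule) for one request."""
    head, _, body = raw_request.partition("\r\n\r\n")
    request_line = head.split("\r\n", 1)[0]
    try:
        _method, target, _version = request_line.split(" ", 2)
    except ValueError:
        return ("block", "malformed")
    # Inspect the query string and the body; decode twice so that doubly
    # URL-encoded input is normalised before matching.
    candidate = urlsplit(target).query + "\n" + body
    for _ in range(2):
        candidate = unquote_plus(candidate)
    for name, pattern in SIGNATURES.items():
        if pattern.search(candidate):
            return ("block", name)
    return ("forward", None)

# Constructed sample requests to www.test.com, all arriving on port 80.
BENIGN = "GET /search?q=firewall HTTP/1.1\r\nHost: www.test.com\r\n\r\n"
SQLI = "GET /item?id=1%20OR%201%3D1 HTTP/1.1\r\nHost: www.test.com\r\n\r\n"
XSS = ("POST /comment HTTP/1.1\r\nHost: www.test.com\r\n"
       "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
       "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E")

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("sqli", SQLI), ("xss", XSS)):
        # The port rule passes every request; only the WAF tells them apart.
        print(label, network_firewall_allows(80), waf_inspect(req))
```

All three requests pass the port rule, which is why the filtering decision has to be made on the HTTP content itself before the request is forwarded to the backend server.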