Web Application Firewall (WAF)

Web Application Firewall (WAF) refers to firewall programs that protect websites from cyber incidents. The term ‘web shield’ is also sometimes used to describe them.

 

What does WAF mean in detail?

In short, a web application firewall (WAF) monitors the data exchange between a website and the rest of the internet. More precisely, it monitors the data exchange between the server on which the website is stored and all incoming requests. On the internet, data is exchanged via the HTTP protocol. A web application firewall (WAF) therefore monitors all HTTP data, filters it and blocks it if necessary.

A web application firewall does this according to rules that define dangerous and permitted requests. Many web application firewalls are ‘adaptive’, i.e. capable of recognising patterns. This enables them to identify previously unknown attacks as suspicious based on their unusual requests.

Web application firewalls work in real time, analysing all incoming requests before they reach the server.

 

Where do I encounter this issue in my everyday work?

In principle, you encounter it frequently, as many websites have a web application firewall. However, you do not notice this in everyday life because your requests to the desired pages are allowed by the web application firewalls.

 

What can I do to improve my security?

If you do not know whether your company website has a web application firewall, have this checked. Contact your IT department or an external IT security service provider. Based on the results of the check, you can then set up a web application firewall or have your existing one optimised.