What is a Web Application Firewall (WAF)


A Web Application Firewall (WAF) is a network security system that protects web applications from a variety of attack types by ensuring that the web server receives only legitimate traffic.

A firewall is a system that monitors and controls network traffic in transit (inbound and outbound). It acts as a barrier between a network and the open internet.

A web application firewall is a specific type of firewall that focuses on the traffic going to and leaving web apps. Standard firewalls act as the first level of security, but today’s websites and web services need more than that. This is where WAFs provide specialized capabilities and thwart attacks aimed specifically at the applications themselves.


How a Web Application Firewall (WAF) Works

A WAF works by filtering, monitoring, and blocking suspicious HTTP and HTTPS traffic between a web application and the internet.

For a long time, deploying a conventional firewall was the baseline cyber-security practice. These firewalls are deployed on the network and operate at layers 3 and 4 of the OSI (Open Systems Interconnection) model. They are limited to inspecting packets at the IP and TCP/UDP level and to filtering traffic by IP address, protocol type and port number.

A WAF, on the other hand, operates at Layer 7 (L7) of the OSI model and understands web application protocols. It analyzes the traffic going to and from a web application and prevents attacks that would otherwise pass undetected through a traditional network firewall. A WAF can be operated under a positive security model (allow only what is explicitly permitted) or a negative one (block what matches known-bad patterns).

When deployed, a WAF acts as a reverse-proxy shield between an application and the internet. A forward proxy is an intermediary that protects a client machine; a reverse proxy, by contrast, ensures that clients pass through it before reaching the server. Crucially, a single WAF can protect multiple applications placed behind it.

A WAF uses a set of rules called policies to stop malicious traffic from exploiting application vulnerabilities, including those in the OWASP Top 10. These policies are often based on known web attack signatures applied at inspection points such as the HTTP headers, the HTTP request body and the HTTP response body. Rules can also be written to detect patterns in the URL or file extension, to restrict URI, header and body length, and to detect SQL injection, cross-site scripting (XSS), zero-day exploits and even bots, based on signature matching and behavior.

The key benefit of a WAF is that these policies can be modified and deployed quickly and with ease. Some WAF providers also offer load balancing, SSL offloading, and automated policy tuning driven by machine learning to optimize your cloud security. This makes it easier to adapt and respond to changing attack vectors and to provide Distributed Denial of Service (DDoS) protection.
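To make the policy types above concrete, here is an added illustration (not code from the page or from CDNetworks) of a minimal L7 inspection step: length limits, a file-extension rule, header/URL/body signature checks, and an optional positive-model allowlist. The `Request` type, the signature patterns, the limits and the `ALLOWED_ROUTES` set are all assumptions made for this example.

```python
import re
from dataclasses import dataclass
from urllib.parse import unquote, unquote_plus

@dataclass
class Request:
    method: str
    path: str            # request target, possibly percent-encoded
    headers: dict
    body: str = ""

# Negative security model: block what matches a signature or exceeds a limit.
# Patterns are deliberately small illustrations of the rule types named above,
# not a production ruleset (assumed for this example, not from any vendor).
SIGNATURES = {
    "sqli": re.compile(r"(?i)(union\s+select|'\s*or\s+1\s*=\s*1)"),
    "xss": re.compile(r"(?i)(<script\b|javascript:|\bon\w+\s*=)"),
}
LIMITS = {"uri": 256, "header": 1024, "body": 4096}
BLOCKED_EXT = (".bak", ".env", ".git")

# Positive security model: only method/path pairs the application serves.
ALLOWED_ROUTES = {("GET", "/"), ("GET", "/products"), ("POST", "/login")}

def inspect(req, positive_model=False):
    """Return the names of the rules a request triggers; [] means allow."""
    hits = []
    # Decode before matching, otherwise %27 hides a quote from the signature.
    path, body = unquote(req.path), unquote_plus(req.body)
    if len(path) > LIMITS["uri"]:
        hits.append("uri_length")
    if any(len(v) > LIMITS["header"] for v in req.headers.values()):
        hits.append("header_length")
    if len(body) > LIMITS["body"]:
        hits.append("body_length")
    route = path.split("?", 1)[0]
    if route.lower().endswith(BLOCKED_EXT):
        hits.append("file_extension")
    # Inspection points: URL, request body and every header value.
    for name, pattern in SIGNATURES.items():
        if any(pattern.search(s) for s in [path, body, *req.headers.values()]):
            hits.append(name)
    if positive_model and (req.method, route) not in ALLOWED_ROUTES:
        hits.append("not_allowlisted")
    return hits

if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for r in (Request("GET", "/products", {"Host": "shop.example"}),
              Request("GET", "/search?q=%27%20OR%201%3D1", {"Host": "shop.example"})):
        print(r.method, r.path, "->", inspect(r) or "allow")
```

Real WAF rulesets normalize far more than percent-encoding (case, Unicode, double encoding) before matching, which is why decoding before inspection is shown as a separate step.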

A WAF alone cannot stop every attack, but it strengthens web application security against the following common attacks:

Cross-Site Request Forgery

These are attacks that force authenticated users of a web application to take actions that compromise the security of the app. Usually the attacker tricks the user into clicking a link, for example one sent by email. Once the user is authenticated and logged in, they can be made to issue requests such as transferring funds or changing their profile details and email address. If the attack targets an admin account and succeeds, it can compromise the entire web application.

Cross-Site Scripting

Cross-site scripting attacks are those where an attacker injects malicious script into a client’s browser to steal data, including session cookies, or to alter page content and show false information. It usually happens when malicious code is injected into a dynamic website built with scripts in JavaScript, PHP or .NET. When a user loads the page, the attacker’s script runs in their browser. For example, the user’s cookie may be sent to the attacker, who can use it to impersonate the user.

SQL Injection

A SQL injection attack is one in which an attacker tries to inject malicious SQL commands into websites and applications through user-input fields, such as contact information forms. The injected code gains unauthorized access to the database and executes commands that extract or modify the personal data it contains.


What Are The Different Types of WAFs?

A WAF protects web applications by using threat intelligence to block requests that meet pre-set criteria while allowing approved traffic through. It helps protect against cross-site request forgery, cross-site scripting, SQL injection, and file inclusion, where attackers try to gain unauthorized access to an application in order to steal sensitive data or compromise the application itself.

WAFs fall into three types according to how they are deployed.

Network-Based WAF

This is usually a hardware-based WAF installed on premises. It sits close to the server and is therefore easy to reach. As with hardware deployments in general, it keeps latency to a minimum but can be expensive to house and maintain.

Host-Based WAF

A host-based WAF is fully integrated into the application software and runs as a module inside the application server. Host-based WAFs cost less than network-based WAFs and allow more customization. The downsides are that they consume local server resources, can affect application performance, and can be complex to implement and maintain.

Cloud-Based WAF

A cloud-based WAF is more affordable and requires fewer on-premises resources to manage. It is easier to implement and is often delivered as SaaS by a vendor, offering a turnkey installation as simple as changing a DNS record to redirect web traffic. Because of the cloud service model, it also has minimal upfront cost and can be updated continuously to keep up with the latest attacks in the threat landscape. CDNetworks offers a cloud-based WAF that is integrated with our global data centers and content delivery network (CDN) and prevents web application-layer attacks in real time.
