Protect Your Website With a Web Application Firewall
The bigger the door, the more people can get past. When you build a website, you open a door to the entire world. A big part of web security is about getting back control over who can get past that door. Web application firewalls offer one way to get that control.
Web Application Firewalls Are Not the Same As Firewalls
Conventional firewalls limit access to ports. A port can be blocked entirely or opened to certain types of traffic. The firewall pays no attention to the content of that traffic.
Web application firewalls focus their attention on content. By setting up a website with HTTPS, you encrypt traffic to the website, but encrypted traffic can still be malicious. Web application firewalls examine the content of the traffic in order to detect potentially dangerous requests. Depending on how you configure your web application firewall, a potentially dangerous request can be blocked completely, trigger an alert, or simply be logged.
Risks Web Application Firewalls Can Catch
Many of the risks web application firewalls can catch would otherwise have to be fixed by patching application code, which is time-consuming. The firewall provides a centralized location for implementing protection against threats such as:
- cross-site scripting (XSS)
- SQL injection
- distributed denial of service (DDoS) attacks
- remote file inclusion
- command injection
One study found that more than half of all web attacks attempted SQL injection, so the protection web application firewalls provide against that threat is a significant portion of the protection your web application needs.
Deploying A Web Application Firewall
If you host your website locally, you can choose from a variety of firewall solutions. If you host your web application in Microsoft Azure, the Azure Web Application Firewall is integrated into the Azure Application Gateway. Incidents are logged in real time, and status can be reviewed through Azure Monitor and the Azure Security Center. The logs can also be incorporated into Azure Log Analytics for further investigation into threats.
Azure Web Application Firewall, like most web application firewalls, can be configured either to provide active protection by blocking suspicious traffic or merely to log suspicious requests. Because false positives occur, a web application firewall can stop legitimate transactions. Teams should be alert to this possibility and be prepared to customize rule settings as needed. Running in logging-only mode first is recommended, so that false positives show up in the logs instead of as blocked transactions.
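One way to review logging-only output before switching to blocking, shown as an added example (it is not from the original article or from Azure's tooling): it groups logged detections by rule and URL and flags combinations triggered by several distinct clients, which more often points to a legitimate feature tripping a rule than to a single attacker. The log records are constructed, and the field names and the `min_clients` threshold are assumptions.

```python
import json
from collections import defaultdict

# Constructed sample of logging-only records (not real traffic). The field
# names are assumptions modeled on Application Gateway firewall log entries.
SAMPLE_LOG = """
{"properties": {"clientIp": "203.0.113.10", "requestUri": "/api/comments", "ruleId": "942130", "action": "Detected"}}
{"properties": {"clientIp": "203.0.113.10", "requestUri": "/api/comments", "ruleId": "942130", "action": "Detected"}}
{"properties": {"clientIp": "203.0.113.11", "requestUri": "/api/comments", "ruleId": "942130", "action": "Detected"}}
{"properties": {"clientIp": "203.0.113.12", "requestUri": "/api/comments", "ruleId": "942130", "action": "Detected"}}
{"properties": {"clientIp": "203.0.113.13", "requestUri": "/api/comments", "ruleId": "942130", "action": "Detected"}}
{"properties": {"clientIp": "198.51.100.7", "requestUri": "/admin.php", "ruleId": "930120", "action": "Detected"}}
{"properties": {"clientIp": "198.51.100.7", "requestUri": "/search", "ruleId": "941100", "action": "Detected"}}
{"properties": {"clientIp": "198.51.100.7", "requestUri": "/login", "ruleId": "942130", "action": "Detected"}}
truncated-line {"properties":
"""

REQUIRED = ("clientIp", "requestUri", "ruleId")

def load_records(text):
    """Parse one JSON record per line; skip blank, malformed or partial lines."""
    records = []
    for line in text.splitlines():
        try:
            props = json.loads(line)["properties"]
            if all(key in props for key in REQUIRED):
                records.append(props)
        except (ValueError, KeyError, TypeError):
            continue
    return records

def tuning_candidates(records, min_clients=3):
    """Group detections by (ruleId, requestUri). A group hit by many distinct
    clients is marked for review as a possible false positive (a heuristic)."""
    clients, hits = defaultdict(set), defaultdict(int)
    for rec in records:
        key = (rec["ruleId"], rec["requestUri"])
        clients[key].add(rec["clientIp"])
        hits[key] += 1
    report = [{"ruleId": rule, "requestUri": uri, "hits": hits[(rule, uri)],
               "distinct_clients": len(ips), "review": len(ips) >= min_clients}
              for (rule, uri), ips in clients.items()]
    return sorted(report, key=lambda r: (-r["distinct_clients"], -r["hits"],
                                         r["ruleId"], r["requestUri"]))

if __name__ == "__main__":
    for row in tuning_candidates(load_records(SAMPLE_LOG)):
        print(row)
```

Rows marked for review are the ones to inspect by hand before the firewall starts blocking; the single client that trips different rules on several URLs is left unflagged, because blocking it is the intended outcome.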
Contact Prescient Solutions to get help with your web application firewall and make sure you have all the appropriate security in place. Our team is certified in leading security products and provides cybersecurity IT consulting and managed services to organizations in Chicago and Schaumburg. Whether your data is in the cloud or on your premises, we’ll make sure it’s protected against the many threats to data security.