Acronyms can be brilliant but in an industry full of them we really don’t need another one. At least this one is easy to say!
What’s in a name? Quite a lot in this instance – it tells us what it is: Web Application Firewall. It’s a bit of a mouthful – say it out loud and maybe the acronym does have its place. But what does it do and why do you need it?
The short version: A Web Application Firewall will make your online environments much safer. And yes, you need one.
A WAF is a layer of defence which filters out unwanted requests based on predetermined criteria. Go back 20 years and much of the internet wasn’t protected behind firewalls. Would you like to switch off your firewall today? Jump forward just 5 years and the idea of not having a WAF will be similarly uncomfortable.
Firewalls filter traffic based on IP addresses and protocols/ports. WAFs inspect the content of the traffic and filter unwanted requests based on a ruleset. Running IBM (HCL) Domino? Blocking all SQL requests will prevent a lot of unwanted traffic. Running a simple Umbraco solution? List all your SQL queries as permitted and deny everything else to avoid all those pesky SQL injection attacks.
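
The two ruleset styles described above, as an added example that is not part of the original post: a block-what-looks-like-SQL rule next to a permit-what-is-listed rule, run over the same requests. The paths, parameter names and patterns are constructed assumptions, and the permitted list is modelled here as request shapes the WAF can see.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed blocklist rule: SQL syntax that should not appear in a parameter value.
SQL_SYNTAX = re.compile(
    r"(?i)\bunion\s+select\b|\bselect\b.+\bfrom\b|\binsert\s+into\b|\bdrop\s+table\b"
)

# Constructed allowlist: each permitted path with the shape of each permitted parameter.
ALLOWED = {
    "/products": {"id": re.compile(r"\d{1,6}")},
    "/search": {"q": re.compile(r"[\w ]{1,40}")},
}

def params(url):
    """Return (path, decoded query parameters) for a request URL."""
    parts = urlsplit(url)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)

def blocklist_verdict(url):
    """Allow by default; deny when any parameter value contains SQL syntax."""
    _, query = params(url)
    return "deny" if any(SQL_SYNTAX.search(v) for _, v in query) else "allow"

def allowlist_verdict(url):
    """Deny by default; allow only listed paths whose parameters all match."""
    path, query = params(url)
    shape = ALLOWED.get(path)
    if shape is None:
        return "deny"
    for name, value in query:
        if name not in shape or not shape[name].fullmatch(value):
            return "deny"
    return "allow"

def verdicts(url):
    """Return (blocklist verdict, allowlist verdict) for one request."""
    return blocklist_verdict(url), allowlist_verdict(url)

# Constructed sample requests, not taken from real traffic.
SAMPLES = [
    "/products?id=42",
    "/products?id=1%20UNION%20SELECT%20name%20FROM%20users",
    "/reports/export?table=users",   # unlisted path, no SQL syntax in it
    "/search?q=drop+table+lamp",     # ordinary search that happens to look like SQL
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, verdicts(url))
```

The last two samples are where the styles disagree: the blocklist lets the unlisted path through and rejects a harmless search, while the allowlist does the opposite.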