Web Application Firewall

The Web Application Firewall provides security, proxy, threat mediation, and content processing services for a web-based application. Examples of these applications are enrollment, benefits management, ticket sales, or a trading system.

The Web Application Firewall is intended for the following purposes.

Proxy web applications
Provide authentication and authorization services with or without cookie encryption
Cross-site scripting (XSS) protection
Session timeout management
Name-value input processing and filtering.

A common use of the Web Application Firewall is to provide perimeter authentication for web applications. This authentication asserts the user identity to the remote application server in a format that the application server can accept.

The Web Application Firewall is designed to handle traffic that is primarily URL-encoded HTTP POST operations. The Web Application Firewall can handle HTTP GET operations with or without query strings. The Web Application Firewall is not designed for web services that use SOAP-based XML payloads, although XML traffic can be handled.

The Web Application Firewall offers.

Destination service proxy.
TLS termination.
Authentication and authorization services.
Rate limiting.
Session start and timeout enforcement.
URL-encoded name-value input processing.
HTTP protocol-filtering.
Threat protection, such as against injection attacks.
Cookie handling, including sign and encrypt.
Error handling.
XML and non-XML content processing.