A Web Application Firewall (WAF) provides the ability to inspect web traffic (HTTP/S) for malicious activity, alert on questionable activity, and optionally, block requests to prevent attacks against backend web infrastructure The WAF engine is combined with a set of detection rules which specify different patterns that indicate various attack types or specific attacks like SQL injection or cross-site scripting (“XSS”). WAFs use the rules to inspect web traffic, and if matches are detected, take the actions specified by the rules. Our WAF uses the OWASP Core Rule Set (CRS) as the base ruleset for detection, plus a set of rules we build and maintain based on our experience working with some of the largest customers on the web.
Articles in this section
- What is included in Instart Web Security?
- How is Instart different from other cloud-based web security offerings?
- Do I need to change my backend infrastructure to use this solution?
- What type of traffic does our solution apply to?
- Does Instart Web Security support protecting IPv6 traffic?
- Does Instart provide DoS and DDoS protection for a web property?
- Why would I want to use Instart vs. a DDoS mitigation provider?
- What types of DDoS attacks can Instart protect against?
- Can Instart block massive DDoS attacks?
- Is the Instart service PCI compliant?