A web application firewall (WAF) applies a set of rules to the back-and-forth flow of HTTP and HTTPS requests. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules, many attacks can be identified and blocked. The rules are based on the OWASP (Open Web Application Security Project) Core Rule Set.
Instart's WAF leverages provides the following functionality:
- blocking of malicious traffic
- plain text & SSL-encrypted traffic inspection
- HTTP-awareness: protocol validation, encodings, cookies
- signature-based detection: behavior, pattern match
- custom rules/virtual patching
- analytics via the customer portal and, if desired, delivered to the location of your choice via Log Delivery
The WAF is part of the Instart Web Security offering. If you are interested in this feature, please contact your account representative for more information.