General information about Web Application Firewall (WAF) protection
WAF (Web Application Firewall) is a class of solutions that ensure web application security at the L7 level, protecting a site or application from targeted attacks.
A targeted attack is an attack on your site or application aimed at stealing confidential data, gaining access to internal systems, causing reputational damage, or disrupting the application's operation. Targeted attacks are often masked as regular user traffic.
The WAF Curator service is available in Selectel.
Operation principle
Traffic that has been scrubbed at the DDoS protection filtering nodes is redirected to WAF. WAF analyzes HTTP and HTTPS traffic and applies filtering rules to clean the traffic of malicious requests.
WAF is based on machine learning algorithms. There is a mandatory training and monitoring period that lasts about two to three weeks; its exact duration depends on the volume of incoming traffic. During training, WAF analyzes the traffic directed at your application and learns to protect that specific application. Training uses:
- behavioral analysis — WAF studies user behavior and learns to recognize abnormal behavior;
- signature analysis — WAF matches traffic against known types of attacks.
This produces a list of filtering rules and increases the accuracy of attack blocking. After training is complete, WAF can begin actively blocking attacks.
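The sketch below is an added illustration of the learn-then-block flow described above; it is not Selectel's or WAF Curator's implementation. The class name, the three signature patterns, and the baseline features (known paths, parameter names, maximum value length) are assumptions chosen to keep the example small.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed signature set for illustration; real rule sets are far larger.
SIGNATURES = {
    "sqli": re.compile(r"(?i)\bunion\b.+\bselect\b|'\s*or\s+1=1"),
    "xss": re.compile(r"(?i)<script\b"),
    "traversal": re.compile(r"\.\./"),
}

class LearningWaf:  # hypothetical name, not a product API
    def __init__(self, length_margin=3.0):
        self.blocking = False   # False = training/monitoring period
        self.baseline = {}      # path -> {param name: max value length seen}
        self.length_margin = length_margin

    def _signature_hit(self, url):
        decoded = unquote_plus(url)
        return next((n for n, rx in SIGNATURES.items() if rx.search(decoded)), None)

    def _behaviour_hit(self, path, params):
        known = self.baseline.get(path)
        if known is None:
            return "unknown-path"
        for name, value in params:
            if name not in known:
                return "unknown-param"
            if len(value) > max(known[name], 1) * self.length_margin:
                return "oversized-value"
        return None

    def inspect(self, url):
        """Return (action, reason); action is 'pass', 'log' or 'block'."""
        parts = urlsplit(url)
        params = parse_qsl(parts.query, keep_blank_values=True)
        reason = self._signature_hit(url)
        if not self.blocking:
            if reason:          # monitor only, and keep it out of the baseline
                return ("log", reason)
            seen = self.baseline.setdefault(parts.path, {})
            for name, value in params:
                seen[name] = max(seen.get(name, 0), len(value))
            return ("pass", None)
        reason = reason or self._behaviour_hit(parts.path, params)
        return ("block", reason) if reason else ("pass", None)

    def finish_training(self):
        self.blocking = True
```

Requests that match a signature during training are logged but not learned, so attack traffic seen in the monitoring period does not widen the behavioral baseline.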
Limitations
WAF analyzes traffic that has already been scrubbed of attacks, so the service can only be connected as a supplement to application-level (L7) DDoS protection. For more information on how DDoS protection works, see the General information about DDoS protection guide.