What is a web application firewall (WAF)?

A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

Whereas a forward proxy sits in front of clients and protects them, a WAF sits in front of servers: it is deployed to protect a specific web application or set of web applications, and in that position it acts as a reverse proxy.

WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application. The effort to perform this customization can be significant and needs to be maintained as the application is modified.

Web application firewall (WAF) ruleset

WAF rules let you target precisely the web requests you want the WAF to allow or block, by specifying the exact conditions the WAF should watch for in each request. A WAF ruleset is a set of generic attack-detection rules for use with a WAF, intended to protect web applications from a wide range of attacks without being written for one particular application. The most notable and widely used ruleset is the OWASP ModSecurity Core Rule Set (CRS).

OWASP ModSecurity CRS


The Core Rule Set (CRS) aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false positives. The CRS provides protection against many common attack categories, including SQL injection, cross-site scripting, local file inclusion, and others.
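To make the allow/block mechanics concrete (a rule watches for exact conditions in the request, and the CRS covers categories such as SQL injection, XSS and local file inclusion), here is a toy WAF rule engine written as an added example for this page; it is not ModSecurity or CRS code. The rule patterns, the rule ids and the request format are simplified assumptions, but the scoring style, where every matching rule adds points and the request is blocked once the total reaches a threshold, mirrors the CRS anomaly-scoring mode with its default critical score and inbound threshold of 5.

```python
"""Toy WAF rule engine (added example; not ModSecurity or CRS code).

Shows the two things a WAF must get right before any rule is useful:
normalise (decode) the input so encoded payloads cannot slip past, and
score matches so that one weak signal does not block a request on its own.
"""
import re
from dataclasses import dataclass
from urllib.parse import unquote_plus, urlsplit


@dataclass(frozen=True)
class Rule:
    rule_id: int            # hypothetical ids, not CRS ids
    category: str
    pattern: re.Pattern
    score: int              # anomaly points; 5 is the CRS "critical" score


# Constructed, deliberately simple signatures. Real CRS rules are far larger
# and tuned over years; these only illustrate the three categories named above.
RULES = (
    Rule(1, "SQLi", re.compile(r"(?i)\b(union\s+select|or\s+1\s*=\s*1|sleep\s*\()|'\s*--"), 5),
    Rule(2, "XSS", re.compile(r"(?i)<\s*script\b|\bon\w+\s*=|javascript:"), 5),
    Rule(3, "LFI", re.compile(r"(?:\.\./|\.\.\\)+|/etc/passwd"), 5),
)
INBOUND_THRESHOLD = 5       # CRS default: one critical match is enough to block


def normalize(value: str) -> str:
    """Percent-decode twice so a double-encoded payload (%253C -> %3C -> <) is
    matched in its real form. Every rule runs on this decoded value."""
    for _ in range(2):
        value = unquote_plus(value)
    return value


def split_params(query: str) -> dict:
    """Split a query string or form body into raw (still encoded) values."""
    params = {}
    for pair in query.split("&"):
        if not pair:
            continue
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = value
    return params


def extract_args(method: str, target: str, body: str = "") -> dict:
    """Collect the request locations a rule inspects, named like ModSecurity
    variables (REQUEST_URI, ARGS:name)."""
    parts = urlsplit(target)
    args = {"REQUEST_URI": parts.path}
    for key, value in split_params(parts.query).items():
        args[f"ARGS:{key}"] = value
    if method.upper() == "POST":
        for key, value in split_params(body).items():
            args[f"ARGS:{key}"] = value
    return args


def evaluate(method: str, target: str, body: str = "") -> dict:
    """Run every rule over every inspected location and return the decision."""
    score = 0
    matched = []
    for location, raw in extract_args(method, target, body).items():
        value = normalize(raw)
        for rule in RULES:
            if rule.pattern.search(value):
                score += rule.score
                matched.append((rule.rule_id, rule.category, location))
    action = "block" if score >= INBOUND_THRESHOLD else "allow"
    return {"action": action, "score": score, "matched": matched}


if __name__ == "__main__":
    # Constructed sample requests: benign, three attacks, and a false positive.
    samples = [
        ("GET", "/search?q=shoes", ""),
        ("GET", "/login?user=admin'%20--&pw=x", ""),
        ("GET", "/profile?bio=%253Cscript%253Ealert(1)%253C/script%253E", ""),
        ("GET", "/download?file=..%2F..%2Fetc%2Fpasswd", ""),
        ("POST", "/comments", "comment=Use+UNION+SELECT+to+merge+the+two+result+sets"),
    ]
    for method, target, body in samples:
        print(method, target, body, "->", evaluate(method, target, body))
```

The last sample shows why the customisation effort mentioned earlier is real: a harmless comment about SQL is blocked because the SQLi signature matches it, and the only fixes are to exclude that parameter from the rule or to raise the threshold, both of which must be revisited whenever the application changes. The double decoding in `normalize` is likewise a trade-off, since an application that legitimately accepts literal `%25` sequences will have those values decoded further than it intends.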

OWASP ModSecurity CRS is free to use. It is licensed under the Apache Software License version 2 (ASLv2), a permissive license: you may copy, distribute, modify, and use the work commercially, including inside closed-source products, provided that you keep the license text and copyright notices with any redistribution and state which files you changed. Unlike share-alike licenses, ASLv2 does not require works that alter, transform, or build upon the CRS to be released under the same license.