What is Cloud WAF?
A cloud WAF, also known as a cloud-based or cloud-native WAF, provides web application security more cost-efficiently than traditional appliance-based web application firewalls while offering some distinct advantages. Cloud-based WAF services offer more responsive, elastic, and customizable application security options based on predefined security policies that scale and react automatically to threats per application or tenant.
The flexibility and customization of a cloud WAF save administrators a lot of time that would otherwise go into manually tuning security software or hardware on their systems. A cloud WAF also allows proactive threat detection, enables real-time app security insights and visibility, and ensures compliance (GDPR, HIPAA and PCI), all while providing centralized application security across multi-cloud, hybrid-cloud or on-premise application environments.
Attacks that WAFs help fend off
WAFs can help prevent the following attacks:
1. Cookie poisoning
The modification of a cookie to gain unauthorized information about the user, for purposes such as identity theft.
2. Unvalidated input
In this attack, bad actors tamper with HTTP requests (including the URL, headers and form fields) to bypass the site’s security mechanisms.
3. Web scraping
The use of data scraping to extract data from websites.
4. Layer 7 DoS
It is an HTTP flood attack that utilizes valid requests in typical URL data retrievals.
5. Cross-site Scripting (XSS)
6. SQL injection
Malicious code is inserted or injected into a web entry field, allowing attackers to compromise the application and underlying systems.
Understanding WAF Deployment
Wondering how a WAF is deployed? Fear not, we have you covered!
Reverse proxy:
The WAF acts as a proxy for the website. Traffic goes to the WAF first, which analyses it, blocks the bad actors and allows only genuine users to reach your website.
Transparent Reverse Proxy:
In essence, this is a reverse proxy in transparent mode. The WAF separately sends filtered traffic to web applications, which allows for IP masking by hiding the address of the application server. Performance latency during translation is a potential downside.
Transparent Bridge:
In this mode, the HTTP traffic goes directly to the web application. The main aim is to make the WAF appear as a transparent medium between the device and the server.
WAF Security Models
WAFs follow one of 3 security models. Depending on the scenario, the user can opt for any one of the 3 to get the optimum results and security for their website. In a nutshell, the 3 models are:
Whitelist Model:
It is also known as the positive security model, which emphasizes rejecting everything not classified as “allowed”. When input validation is performed under this model, the user specifies the allowed inputs.
The benefit of this model is that new and unknown attacks can be fended off.
Denylist Model:
It is also known as the negative security model. This model is almost the opposite of the whitelist model: it requires a list of banned items, and everything not on that list is allowed onto the web application.
Combination of Both Models:
As evident from the name, this model is a combination of both the aforementioned models and it does prove to be effective in some scenarios.
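The three models applied to the parameters of a request, as an added example that is not part of the original article. The field names, patterns and sample requests are constructed assumptions and do not come from any WAF product.

```python
import re

# Hypothetical allowlist (positive model): each known field and its permitted shape.
ALLOWED = {
    "user_id": re.compile(r"\d{1,10}"),
    "sort": re.compile(r"asc|desc"),
}

# Hypothetical denylist (negative model): only these known-bad signatures are banned.
DENIED = [
    re.compile(r"<\s*script", re.I),
    re.compile(r"union\s+select", re.I),
]

def allowlist_ok(params):
    """Whitelist model: every field must be known and fully match its pattern."""
    return all(
        name in ALLOWED and ALLOWED[name].fullmatch(value)
        for name, value in params.items()
    )

def denylist_ok(params):
    """Denylist model: allowed unless a value contains a banned signature."""
    return not any(sig.search(v) for v in params.values() for sig in DENIED)

def combined_ok(params):
    """Combination: denylist on every field, allowlist on fields that have a pattern."""
    if not denylist_ok(params):
        return False
    return all(ALLOWED[n].fullmatch(v) for n, v in params.items() if n in ALLOWED)

# Constructed sample requests (query parameters only).
SAMPLES = {
    "benign": {"user_id": "42", "sort": "asc"},
    "known signature": {"user_id": "42", "sort": "1 UNION SELECT 1"},
    "not on the denylist": {"user_id": "42", "sort": "asc'--"},
    "field without a pattern": {"user_id": "42", "note": "hello"},
}

def evaluate():
    """Return {label: (whitelist, denylist, combined)} verdicts; True means allowed."""
    return {
        label: (allowlist_ok(p), denylist_ok(p), combined_ok(p))
        for label, p in SAMPLES.items()
    }

if __name__ == "__main__":
    for label, verdict in evaluate().items():
        print(f"{label:24} whitelist/denylist/combined = {verdict}")
```

The third sample shows the benefit stated above for the whitelist model: the value matches no banned signature, so only the models that check the allowed shape reject it.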