Web server protection: Web application firewalls for web server protection

Introduction

Firewalls are an integral part of the tooling needed to secure web servers. In this article, we discuss the key aspects of web application firewalls. We'll look at these firewalls from both a compliance and a technical point of view, and then work through a few examples of how ModSecurity can be used to enforce rules.

Overview

Web application firewalls (WAFs) are security controls deployed on or in front of web servers to protect web applications from attack. Put another way, a WAF is an application-layer firewall for HTTP traffic: it inspects the content of requests and responses rather than only packets and ports.

A WAF can be a server plugin, an appliance or a filter, and can be used to protect a variety of web applications from attacks such as cross-site scripting (XSS) or SQL injection (SQLi). Some WAFs are open-source while others are proprietary.
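As an added example (not code from the original article), the following is a minimal ModSecurity 2.x configuration for Apache that does what the paragraph above describes: it inspects request parameters and blocks requests carrying an XSS or SQLi pattern, while logging the match for the operations team. The rule ids, log path, tags and the exempted address are assumptions chosen for illustration; the ids sit in the 1-99,999 range that ModSecurity reserves for local rules so they do not collide with the OWASP Core Rule Set.

```apache
# Added example, not part of the original article. Assumes ModSecurity 2.x
# loaded as the Apache module security2_module. Rule ids, the audit log path
# and the 10.0.0.5 address are placeholders chosen for this illustration.
<IfModule security2_module>
    # Enable enforcement. Set to DetectionOnly while tuning so matches are
    # only logged, then switch to On once false positives are addressed.
    SecRuleEngine On

    # Inspect request bodies so POST parameters are covered by ARGS as well.
    SecRequestBodyAccess On

    # Audit log only transactions that matched a rule or returned 4xx/5xx
    # (404s excluded); this is the pattern from the recommended configuration.
    SecAuditEngine RelevantOnly
    SecAuditLogRelevantStatus "^(?:5|4(?!04))"
    SecAuditLog /var/log/apache2/modsec_audit.log

    # Block reflected-XSS probes: a <script tag in any request argument,
    # case-insensitive, after URL and HTML-entity decoding of the value.
    SecRule ARGS "@rx (?i)<\s*script\b" \
        "id:10001,phase:2,t:none,t:urlDecodeUni,t:htmlEntityDecode,deny,status:403,log,msg:'XSS pattern in request argument',tag:'example-xss'"

    # Block a classic SQL injection tautology (a quote followed by OR n=n)
    # in any request argument.
    SecRule ARGS "@rx (?i)'\s*or\s+\d+\s*=\s*\d+" \
        "id:10002,phase:2,t:none,t:urlDecodeUni,deny,status:403,log,msg:'SQL injection tautology in request argument',tag:'example-sqli'"

    # Rule exception: a trusted internal host (placeholder address) is exempt
    # from the SQLi rule, e.g. for an admin tool that legitimately submits SQL.
    SecRule REMOTE_ADDR "@ipMatch 10.0.0.5" \
        "id:10003,phase:1,pass,nolog,ctl:ruleRemoveById=10002"
</IfModule>
```

The two detection rules are deliberately narrow; in practice you would load the OWASP Core Rule Set for broad coverage and reserve hand-written rules like these for application-specific checks and exceptions. Running with `SecRuleEngine DetectionOnly` first and reviewing the audit log is the usual way to confirm the rules do not block legitimate traffic.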

Let’s consider some advantages and disadvantages of open-source WAFs.

Pros of open-source WAFs

The biggest advantage of open-source WAFs is that they are far cheaper than proprietary WAFs. If you do not want to spend large sums on a high-end commercial WAF, your best bet is one of the most widely used and trusted open-source WAFs, such as ModSecurity.

Open-source WAFs also offer great flexibility. They are highly customizable, so you can configure them to suit your project's needs and add modules as you require.

Cons of open-source WAFs

Because open-source WAFs are “free”, you should not expect much help with configuration and troubleshooting. You will almost always have to do all the configuration yourself, and it can get quite tangled.

Another disadvantage comes in the user-friendliness. The interfaces you get as you run these WAFs (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Lester Obbayi. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/c0j2OuS7NQw/