WAF
A Web Application Firewall — it inspects HTTP(S) traffic at the application layer and blocks common web exploits such as SQL injection, cross-site scripting, and malicious bots before they reach a workload.
Description
The managed web application firewalls (AWS WAF, Azure Web Application Firewall, GCP Cloud Armor) all inspect layer-7 HTTP(S) traffic and block OWASP Top 10 exploits, malicious bots, and abusive request rates using managed and custom rule sets. The differences are in where they attach and their surrounding tooling: AWS WAF binds to CloudFront, Application Load Balancers, and API Gateway with AWS Managed Rules and central control through Firewall Manager; Azure offers two flavours — Application Gateway WAF in-region and Front Door WAF at the global edge — both built on the OWASP Core Rule Set; GCP Cloud Armor enforces policy-based rules at the edge of its HTTP(S) load balancers with ML-assisted DDoS detection. To the best of our knowledge the core role is equivalent; choose by the load balancer or CDN you are fronting and how much managed-rule and central-management tooling you need.
Capabilities
- Block OWASP Top 10 exploits (SQLi, XSS, RCE)
- Managed and custom rule sets
- Rate limiting, bot control, and geo-blocking
- Inspect and log HTTP(S) requests at layer 7