What a WAF does
A WAF examines HTTP requests, including headers and payloads, to identify and block malicious traffic. It uses rule sets, often based on the OWASP Core Rule Set, to detect attacks against common web application vulnerabilities such as SQL injection and cross-site scripting. WAFs can operate in different modes: blocking, which prevents malicious requests from reaching the application, and detection, which logs suspicious activity without immediately blocking it. Running in detection mode allows for fine-tuning and reduces the risk of false positives.
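The two modes described above, as an added example (not code from the original page or from any WAF product): a minimal Python inspector that logs matches in detection mode, has one false positive tuned out, and then enforces in blocking mode. The `Waf` class, the three rule patterns, the per-path exclusion mechanism and the sample requests are all constructed for illustration and are far simpler than the OWASP Core Rule Set.

```python
import re
from urllib.parse import unquote_plus

# Simplified illustrative patterns, NOT the real OWASP Core Rule Set rules.
RULES = {
    "sqli-tautology": re.compile(r"(?i)'\s*or\s+1\s*=\s*1"),
    "sqli-select": re.compile(r"(?i)\bselect\b.+\bfrom\b"),
    "xss-script-tag": re.compile(r"(?i)<\s*script\b"),
}

class Waf:
    def __init__(self, mode, exclusions=()):
        if mode not in ("detection", "blocking"):
            raise ValueError("mode must be 'detection' or 'blocking'")
        self.mode = mode
        self.exclusions = set(exclusions)  # (path, rule_id) pairs tuned out
        self.log = []                      # what an analyst reviews while tuning

    def inspect(self, request):
        """Return (action, matched_rule_ids) for one request dict."""
        # Inspect path, payload and headers, URL-decoding so encoded input matches.
        fields = [request["path"], request.get("body", "")]
        fields += list(request.get("headers", {}).values())
        matched = sorted(
            rule_id
            for rule_id, pattern in RULES.items()
            if (request["path"], rule_id) not in self.exclusions
            and any(pattern.search(unquote_plus(f)) for f in fields)
        )
        if not matched:
            return "allow", matched
        self.log.append((request["path"], matched))
        # Detection mode only records the match; blocking mode stops the request.
        return ("block" if self.mode == "blocking" else "log"), matched

# Constructed sample requests (hypothetical paths and bodies).
ATTACK = {"path": "/login", "headers": {"User-Agent": "test"},
          "body": "user=admin%27+OR+1%3D1--&pw=x"}
LEGIT = {"path": "/support", "headers": {"User-Agent": "test"},
         "body": "msg=Please+select+a+plan+from+the+list"}

def tuning_workflow():
    detect = Waf("detection")
    observed = [detect.inspect(r) for r in (ATTACK, LEGIT)]
    # Analyst confirms the /support hit is a false positive and excludes it.
    tuned = Waf("blocking", exclusions={("/support", "sqli-select")})
    enforced = [tuned.inspect(r) for r in (ATTACK, LEGIT)]
    return observed, detect.log, enforced
```

Without the exclusion, the same legitimate support message is blocked in blocking mode, which is the false positive that a period in detection mode is meant to surface.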
WAFs in Australian tenants today
For Australian mid-market organisations using Microsoft's cloud services, options include Azure Front Door WAF and Application Gateway WAF. Third-party WAFs like Cloudflare and F5 are also common. It’s crucial to understand how these WAFs interact with other services. DDoS protection, for example, should be considered alongside a WAF, as it addresses volumetric attacks, while the WAF handles application-layer exploits. A CDN can also be integrated to improve performance and availability, creating a layered defence strategy aligned with the ACSC Essential Eight and broader cybersecurity best practices.