What is a Web Application Firewall (WAF)?


As part of ASI's investment in solutions to protect our clients’ environment and data, we are implementing Cloudflare's Web Application Firewall (WAF) in our global operating region. 

What is a WAF?

A WAF is a web application firewall that filters, monitors, and blocks HTTP(S) traffic to and from a web application. A WAF is differentiated from a regular network firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a networking safety gate between servers and the outside world.  All incoming traffic will come in through the WAF prior to reaching the iMIS web application server/VM.  The Cloudflare WAF provides an extraordinary level of protection against most, if not all, common exploits that bad actors use to compromise/hack/deface modern web sites.

ASI’s deployment of the Cloudflare WAF in our global region provide protection against:

  • XSS Injections 
  • SQL Injection Attacks
  • Forceful Browsing
  • Protocol Violations
  • Session Tamper Attacks: Majority of these are invalid cookies or Cookie Tampered.
  • XML Violations
  • SQL Attacks
  • File Attacks
  • Auth Attacks
  • DDoS Attacks
  • Limits Violation
  • JSON Violations
  • BOT Mitigation

How will this be implemented?

In order to implement this additional level of security to all ASI hosted clients, we are requiring all clients to update their DNS to point to the WAF in their region by August 31, 2021.  Clients have or will receive notification and instructions for this change, based on region.


Please sign in to leave a comment.
Powered by Zendesk