How to Size Web Application Firewall

There are a few factors that organizations must consider when choosing a WAF.

Select an architectural type -

1. Inline which can again be in three models -

a. Reverse Proxy - It terminates all incoming traffic, scrutinizes the traffic and deals with the server on behalf of the requester. This consumes processing power so must be sized and tested to avoid latency issues.

b. Router mode - In contrast to the reverse proxy, it does not terminate requests meant for the server.

c- In-bridge mode - WAF acts as a layer 2 switch and does limited firewall services.

2. Tap/Span: It is a non-intrusive, passive option kept out of the traffic route. It monitors traffic from a tap or span port. This type is mainly used for accumulating data to be used later for investigation.

Choice of Deployment:

Organizations can choose a form they are comfortable with

a. Software-based Virtual edition, b. Hardware, or c. Cloud-based WAF.

Detection techniques:

How the WAF must be used/ sized to determine vulnerabilities. It is necessary to ensure that the WAF does not block genuine traffic.

a. Signatures - Negative security model matches a pre-set string to the traffic when scrutinizing for attacks. in contrary, positive security model blocks and examines all the traffic allowing traffic that looks safe.

b. Rules- Links a series of strings or a 16-digit number.  

c. Normalization- WAF must be normalized to be able to spot and examine the attacks that sometimes are successful in evading WAF detection.

Availability and throughput:

WAF must have the capability to cache copies of frequent visitor requesting web content to reduce repeat requests to the back-end servers. It should compress content automatically for fast network transport. Is it compatible with existing load balancers/HA devices?

The SSL certificates and encryption can increase the CPU overheads so necessitate sizing of the WAF to offload some of the processing work.

Was this answer helpful? #8 #10
 

Did We Miss Out on Something?

Relax, we have you covered. At Go4hosting, we go the extra mile to keep our customers satisfied. We are always looking out for opportunities to offer our customers “extra” with every service. Contact our technical helpdesk and we’d be more than happy to assist you with your Cloud hosting, Colocation Server, VPS hosting, dedicated Server or reseller hosting setup. Get in touch with us and we’d cover all your hosting needs, however bizarre they might be.

Submit your Query

  • I'm not a robot

Browse by ServicesBrowse by Services

Resource Library

What is Cloud Computing

Understand the term cloud computing, the ongoing trend, its playing field, future growth and how industry...

Myths about Cloud Computing

Cloud computing, in the recent years, has become a subject of significant discussion among the industry experts.

Download Now

Did We Miss Out on Something?

Relax, we have you covered. At Go4hosting, we go the extra mile to keep our customers satisfied. We are always looking out for opportunities to offer our customers “extra” with every service. Contact our technical helpdesk and we’d be more than happy to assist you with your Cloud hosting, Colocation Server, VPS hosting, dedicated Server or reseller hosting setup. Get in touch with us and we’d cover all your hosting needs, however bizarre they might be.

Submit Query

Please fill in the form below and we will contact you within 24 hours.