Web Application Firewalls and Network Firewalls: Overview

Firewalls have existed for as long as the Internet has been around. Traditional network firewalls protect local networks from external traffic of all kinds, while Web Application Firewalls (WAFs) protect the servers hosting web applications from HTTP/HTTPS traffic.

While the difference might seem subtle, these two types of firewalls actually secure different layers of the OSI model.

Securing Layers 3 and 4 (Data Transfer and Network Traffic Layers)

Lower down the stack, at layers 3 and 4, a Network Firewall protects the local network from attacks including:

  • Unauthorized access to network (general)
  • Privilege escalation vulnerability
  • MITM (Man in the Middle)
  • DNS (Domain Name System)
  • FTP (File Transfer Protocol)
  • SMTP (Simple Mail Transfer Protocol)
  • Telnet
  • SSH (Secure Shell)

Securing Layer 7 (Application Layer)

Higher up the stack, at layer 7, a WAF protects the web application servers from HTTP/HTTPS attacks, including:

  • DDoS (Distributed Denial of Service)
  • SQL injection
  • XSS (Cross Site Scripting)
  • JavaScript/Ajax
  • URL
  • Cookies
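
To make the layer distinction concrete, the following added example (not from the original page) runs a constructed first-match layer 3/4 rule list and a minimal layer 7 inspector over the same traffic: a request carrying an injection string in a URL parameter is allowed by the port-based rule, yet blocked once the HTTP content is parsed. The rules, signatures, addresses and sample requests are all assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed layer 3/4 policy: (action, protocol, source network, destination port).
# First match wins; anything unmatched is denied.
L4_RULES = [
    ("deny", "tcp", "0.0.0.0/0", 23),    # Telnet from anywhere
    ("allow", "tcp", "10.0.0.0/8", 22),  # SSH only from the internal range
    ("allow", "tcp", "0.0.0.0/0", 443),  # HTTPS from anywhere
]

# Constructed layer 7 signatures, deliberately minimal for illustration.
L7_SIGNATURES = {
    "sqli": re.compile(r"'\s*(?:or|and)\s+.+=|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b|javascript:", re.I),
}

def l4_decision(proto, src_ip, dst_port):
    """Network firewall view: only protocol, source address and port are visible."""
    src = ipaddress.ip_address(src_ip)
    for action, r_proto, r_net, r_port in L4_RULES:
        if (proto, dst_port) == (r_proto, r_port) and src in ipaddress.ip_network(r_net):
            return action
    return "deny"

def l7_decision(raw_request):
    """WAF view: parse the HTTP request, then inspect URL parameters and cookies."""
    head = raw_request.split("\r\n\r\n", 1)[0].split("\r\n")
    target = head[0].split(" ")[1]
    # Header names are case-insensitive, so normalise them before lookup.
    headers = {k.lower(): v for k, v in (l.split(":", 1) for l in head[1:] if ":" in l)}
    fields = parse_qsl(urlsplit(target).query, keep_blank_values=True)  # percent-decoded
    for pair in headers.get("cookie", "").split(";"):
        if "=" in pair:
            name, value = pair.strip().split("=", 1)
            fields.append(("cookie:" + name, unquote(value)))
    for name, value in fields:
        for label, pattern in L7_SIGNATURES.items():
            if pattern.search(value):
                return ("block", label, name)
    return ("allow", None, None)

# Constructed sample requests, all arriving on TCP 443 from the same external address.
BENIGN = "GET /items?id=42 HTTP/1.1\r\nHost: shop.example\r\nCookie: session=abc123\r\n\r\n"
SQLI = "GET /items?id=1%27%20OR%20%271%27=%271 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
XSS_COOKIE = "GET / HTTP/1.1\r\nHost: shop.example\r\nCookie: theme=%3Cscript%3Ealert(1)%3C/script%3E\r\n\r\n"

if __name__ == "__main__":
    for label, req in (("benign", BENIGN), ("sqli", SQLI), ("xss cookie", XSS_COOKIE)):
        print(label, l4_decision("tcp", "203.0.113.7", 443), l7_decision(req))
```

All three sample requests receive the same layer 3/4 verdict because they share protocol, source and port; only the layer 7 check distinguishes them.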

How to Set Up a Reverse Proxy

  1. Build in-house: Large companies with dedicated backend teams may consider building out their own reverse proxy system, which requires a lot of resources, as well as capital expenditure on server equipment.
  2. Cloud-based: Solutions like Kuroco offer reverse proxy functionality on the edge. Our WAF platform offers reverse proxying as a feature out of the box, which can be easily configured and managed at a low cost.