Blog Post Sep 08, 2020

What Is Web Application Firewall (WAF)?

Without proper safeguards in place, hackers can deploy malware and injection attacks that could steal sensitive information, damage your online reputation, and ruin your business. A WAF can help protect you.

A good firewall can offer added protection for you and your business.


There needs to be a layer of separation between the “Wild West” of the internet and the safety of your website.

Think of it like going to a football game. The stadiums don’t just let anyone walk in and take a seat because that could leave those in the stadium at risk for an attack. That’s why they post security guards outside the stadium to check tickets and inspect bags. It is a filtering layer between the stadium and the outside world.

This is exactly the same thing you need, and it’s what a Web Application Firewall (WAF) can do for you.

How does a Web Application Firewall work?

First, understand that “web application” refers to your website. Once you know this, it’s pretty easy to figure out what a WAF does. It is a firewall between your site and the internet.

Any traffic that wants to enter your site needs to go through the WAF. This protects your site from being exposed to threats.

There are two types of WAFs that you can use.

A blacklist WAF protects against known attacks. The firewall has certain criteria that traffic needs to meet – if the criteria are not met, then the traffic is rejected. Back to the stadium analogy, a blacklist WAF would be a security guard who allows anyone in for the game, but only if they meet the dress code.

A whitelist WAF is a little different. With a whitelist WAF, only approved traffic is allowed into your site. Everyone else is turned away. At the stadium, a whitelist WAF would be a guard that has a list of people who are allowed in for the game – if you’re not on the list, you aren’t allowed in, regardless of your intentions.

Each method has its pros and cons. Many effective WAFs use both, which is called a hybrid WAF.
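
To make the blacklist, whitelist and hybrid models concrete, here is an added Python sketch (not from the original post and not Sectigo's code) that runs the same requests through each model. The signatures, routes, function names and sample requests are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed blacklist signatures for known-bad input (illustrative, not complete).
BLACKLIST = [
    re.compile(r"(?i)<script\b"),              # script tag inside a value
    re.compile(r"(?i)\bunion\b.+\bselect\b"),  # SQL UNION ... SELECT
]

# Constructed whitelist: (method, path) -> {parameter: pattern the value must match}.
WHITELIST = {
    ("GET", "/search"): {"q": re.compile(r"[\w .-]{1,64}")},
    ("GET", "/item"): {"id": re.compile(r"\d{1,9}")},
}

def _params(url):
    """Return (path, decoded query pairs) for a request target."""
    parts = urlsplit(url)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)

def blacklist_allows(method, url):
    """Allow everything except values that match a known-bad signature."""
    path, params = _params(url)
    values = [path] + [v for _, v in params]
    return not any(sig.search(v) for sig in BLACKLIST for v in values)

def whitelist_allows(method, url):
    """Allow only listed routes whose parameters all match their pattern."""
    path, params = _params(url)
    rules = WHITELIST.get((method, path))
    if rules is None:
        return False
    return all(k in rules and rules[k].fullmatch(v) is not None for k, v in params)

def hybrid_allows(method, url):
    """A request must pass both checks."""
    return whitelist_allows(method, url) and blacklist_allows(method, url)

SAMPLES = [  # constructed requests
    ("GET", "/search?q=red+shoes"),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("GET", "/search?q=union+select+password"),
    ("GET", "/admin/backup.zip"),   # unknown path, no signature for it
    ("GET", "/about"),              # legitimate page missing from the whitelist
]

if __name__ == "__main__":
    for m, u in SAMPLES:
        print(f"{u:50} blacklist={blacklist_allows(m, u)} "
              f"whitelist={whitelist_allows(m, u)} hybrid={hybrid_allows(m, u)}")
```

The output shows the trade-offs: the blacklist lets the unlisted /admin/backup.zip through because no signature covers it, the whitelist turns away the legitimate /about page until someone adds it, and the hybrid check catches the search value that fits the whitelist pattern but matches a blacklist signature.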

Different ways that WAFs can be deployed


Stadium security can be implemented in different ways: a team of physical security guards, a gate with a keypad on it, a series of cameras… and so on.

In the same way, there are multiple ways a WAF can be implemented on your site. And just like stadium security, there are pros and cons to each.

A network-based WAF usually requires a piece of hardware that acts as the WAF. It sits next to the server on the network, and all traffic runs through that machine first, then on to the server. This is a very fast method of security, but it can be very expensive, and it is another machine that needs to be maintained.

A host-based WAF is integrated directly into your website’s software, saving costs and offering more customization for the administrator. However, there are still a lot of maintenance costs that go into this type of WAF, and because it runs on your server, it consumes your server’s resources.

Finally, a cloud-based WAF is incredibly simple to set up. You pay for the WAF’s server, and route your traffic through that WAF first. There are minimal upfront costs, and it is updated regularly without any need for interaction on your part, which makes it very user-friendly. However, you are handing over the responsibility of your website’s protection to a third party.

Which you should choose is up to you and your needs. Sectigo’s Web Firewall offers tremendous protection and sophisticated software to combat hackers and bots, neutralizing malicious threats before they reach your server.
