WAF Management

WAF creates robust security policies that protect web applications from targeted application layer threats, such as buffer overflows, SQL injection, cross-site scripting, parameter tampering, cookie poisoning, web scraping, and many others, by allowing only valid application transactions. Using a positive security model, WAF secures applications based on a combination of validated user sessions and user input, as well as a valid application response. WAF also includes built-in security policy templates that can quickly secure common applications.

WAF also protects applications using negative security by means of attack signatures. Attack signatures can detect and thwart attacks such as the latest known worms, SQL injections, cross-site scripting, and attacks that target commonly used databases, applications, and operating systems.

Work with WAF in BIG-IP Next Central Manager’s Policy Editor