Web Application Firewall
Web Application Firewall for protect your website from hacking
A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. A Web application firewall (WAF) is a firewall that monitors, filters or blocks the HTTP traffic to and from a Web application. A WAF protects a Web application by controlling its input and output and the access to and from the application
Comprehensive, High-Performance Web Application Security
FortiWeb Web Application Firewall (WAF)
- PCI DSS compliant
- Top security—NSS Labs “Recommended”
- Groundbreaking throughput up to 20 Gbps
- Available in hardware and virtual form factors
Industry-leading WAF Security and Performance
Unprotected web applications are the easiest point of entry for hackers and vulnerable to a number of attack types. Our multi-layered and correlated approach protects your web apps from the OWASP Top 10 and more. Our Web Application Security Service from FortiGuard Labs uses information based on the latest application vulnerabilities, bots, suspicious URL and data patterns, and specialized heuristic detection engines to keep your applications safe from:
- Malicious sources
- DoS attacks
- Sophisticated threats such as SQL injection, cross-site scripting, buffer overflows, cookie poisoning
- More!
It also includes layer 7 load balancing and accelerated SSL offloading for more efficient application delivery.
The FortiWeb WAF provides near 100% protection from even the most sophisticated attacks with:
Vulnerability scanning
IP reputation, attack signatures, and antivirus powered by FortiGuard
Behavioral attack detection, threat scanning; protection against botnets, DoS, automated attacks, and more
Integration with FortiSandbox for ATP detection
Tools to give you valuable insights on attacks
Available in the AWS and Azure Marketplaces
Our web application firewall – Website Firewall is designed to filter traffic before it reaches your WordPress or Joomla website. The majority of malicious website attacks are therefore blocked which increases website security dramatically.
Traditional Firewalls or Web Application Firewalls?
Traditional firewalls protect IT environments against external attacks, by allowing and blocking connections to certain areas.
These firewalls control incoming and outgoing network traffic, based on a set of rules.
Here is a basic example:
Let’s suppose your company has a web server inside its infrastructure. In order for the web server to be reachable from outside your company, some rules will have to be established to authorize web traffic to and from that server.
Some “ports” will be open, on a given IP address (the one of your server).
Your company can choose to allow web traffic only, or allow other traffic according to its needs.
In our example, allowing web traffic only does not guarantee that this traffic is safe.
The web has enabled many possibilities and allowed easy access to resources and data. Unfortunately, web technologies are not completely safe by nature and threats are as numerous as opportunities. Traditional firewalls cannot analyze in details what is reaching the server.
By opening communication channels to web servers, the door is also open to new threats: application attacks.
The web traffic can embed many types of attacks: SQL injections, Cross Site Scripting, Cross Site Request Forgery, session hijacking attacks… hundreds of possible attacks.
This is where web application firewalls (WAF) have their role to play.
By analyzing web traffic, and with a smart detection engine, web application firewalls are able to distinguish dangerous from legitimate traffic and block attacks.
From a technical standpoint and referring to the OSI model (conceptual model describing communication system layers), traditional firewalls act on the three first layers (physical to network layers), and web application firewalls act on the seventh layer (application layer).
Protect and Speed Up Your Website
Features and Benefits
Get website protection and performance with a professional team to help.
Protection
The Website Firewall is a cloud-based WAF that stops website hacks and attacks. Our constant research improves our detection and mitigation of evolving threats, and you can add your own custom rules.
- Instantly Block Hackers
- DDoS Mitigation and Prevention
- Virtual Patching and Hardening
- Protect Brand Reputation
- Prevent Zero-Day Exploits
Performance
Our CDN makes your site faster and highly available across the world. Built on our global network of secure data centers, your visitors, customers, and search engines will notice a dramatic improvement.
- Smart Caching Options
- Fast HTTP/2 Support
- Resource Optimization via GZIP Compression
- Reduced Server Load
- Works with Other CDNs