Web Application Firewall (WAF) is a security appliance that protects web server applications from specific types of Internet attacks like SQL Injections, cross site scripting (XSS) and distributed denial-of-service (DDoS) that can lead to the compromise or loss of data.
Note: Web Application Firewall is currently available as a BETA product.
Enforcement of OWASPⓇ Rules
OWASP rules are a set of application attack detection rules called the ModSecurity Core Rule Set (CRS). This industry leading rule set is updated continually to provide protection from evolving online threats.
Custom Rule Management
Customize default rules to fit your application and user requirements.
IP Access List
Access rules can be created for specific IP addresses to ensure they are blocked/allowed as needed.
For web sites running on multiple servers failover and high performance when traffic volume is high. This feature allows the WAF to send the traffic to separate servers providing traffic balancing across available servers.
Logging and Reporting
Keep an eye on the access requests to see where requests are coming from, how people are interacting with the site, blocked IP addresses and types of attacks attempted.
Manage your WAF and Edge Threat Management appliances with cloud-based ETM Dashboard providing you quick access to monitor and manage all of your network appliances
WAF is designed to sit in front of your Web Servers to protect them from bad actors who may be trying to exploit your web application or cause harm in a way that could compromise sensitive data or result in a denial of service.
WAF is available without licensing requirements during the beta period.
Support and Feedback
During the beta period, support for Web Application Firewall is available through the product forum at https://forums.untangle.com/web-application-firewall-waf-general/
You can submit ideas for new features and enhancements to https://untanglewebapplicationfirewall.featureupvote.com/Follow