Using Web Application Firewall to detect and block common web application attacks

Published: 29 Nov, 2011 (PDF, 2.55MB)
Created by: Issac Kim

A web application firewall (WAF) is not as common as a network firewall, but it has been catching our eyes in recent security news, security articles and conferences. Enterprises have been adopting this technology because it enhances web application security significantly. But configuring, implementing and maintaining this new technology is not trivial. To be successful in using it, you must understand the application's behavior thoroughly and carefully configure the firewall rules. Also, since commercial versions of this technology are expensive to purchase, implement and maintain, it is recommended to start with an open source product, such as ModSecurity, so you can determine whether this solution is appropriate for your budget and environment. This paper will show how to analyze common web attacks by using the WAF's detection and logging ability along with the Apache server's logging ability. Finally, its effectiveness against some simple and some more advanced web attacks will be examined.