The Barracuda Web Site Firewall protects your Web site and Web applications from attackers who leverage protocol or application vulnerabilities to instigate data theft, denial of service or defacement of your Web site. Unlike traditional network firewalls or intrusion detection systems that simply pass HTTP or HTTPS traffic for Web applications, the Barracuda Web Site Firewall proxies this traffic and inspects it for attacks, insulating your Web servers from direct access by hackers. It prevents sensitive outbound data leakage, SQL injections, cross-site scripting, session tampering and buffer overflows.
HTTP, HTTPS and FTP protocol compliance
At a basic level, the Barracuda Web Application Firewall verifies that all inbound requests comply with the HTTP, HTTPS and FTP specifications. For example, inbound requests with more than one Content-Length header are typically the basis of HTTP request smuggling attacks; such requests are illegal according to the HTTP specification and are blocked automatically.
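The Content-Length rule described above can be sketched as a small check. This is an added example, not Barracuda's code; the function names and the sample requests are constructed for illustration.

```python
from __future__ import annotations

def content_length_values(raw_head: bytes) -> list[str]:
    """Collect every Content-Length value in a raw request head, in order."""
    # Only look at the header section, never at the body.
    lines = raw_head.split(b"\r\n\r\n", 1)[0].split(b"\r\n")
    values = []
    for line in lines[1:]:                  # lines[0] is the request line
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        # Header names are case-insensitive; stray whitespace around the
        # name is stripped so "Content-Length :" is still counted.
        if name.strip().lower() == b"content-length":
            # One header line can also carry a comma-separated list.
            values.extend(v.strip().decode("latin-1") for v in value.split(b","))
    return values

def check_request(raw_head: bytes) -> tuple[bool, str]:
    """Return (allowed, reason). Blocks more than one Content-Length value
    and any value that is not a plain decimal number."""
    values = content_length_values(raw_head)
    if len(values) > 1:
        return False, f"{len(values)} Content-Length values: {values}"
    if values and not (values[0].isascii() and values[0].isdigit()):
        return False, f"malformed Content-Length: {values[0]!r}"
    return True, "ok"

# Constructed sample requests (shop.example is a placeholder host).
PREFIX = b"POST /login HTTP/1.1\r\nHost: shop.example\r\n"
CLEAN = PREFIX + b"Content-Length: 27\r\n\r\n"
DUPLICATE = PREFIX + b"Content-Length: 27\r\ncontent-length: 0\r\n\r\n"
LISTED = PREFIX + b"Content-Length: 27, 0\r\n\r\n"
SIGNED = PREFIX + b"Content-Length: +27\r\n\r\n"

if __name__ == "__main__":
    for label, req in [("clean", CLEAN), ("duplicate", DUPLICATE),
                       ("listed", LISTED), ("signed", SIGNED)]:
        print(label, check_request(req))
```
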
Protection against common, high-visibility attacks
Hackers can take advantage of vulnerabilities in your online web forms to attack your applications. The Barracuda Web Application Firewall protects your web applications against SQL injections, OS command injections and cross-site scripting attacks.
Protection against attacks based on session state
The Barracuda Web Application Firewall protects your web applications against any attacks based on session state, such as forms tampering or cookie tampering.
Outbound data theft protection
In addition to inspecting the request traffic, the Barracuda Web Application Firewall also inspects all outbound packets for any data pattern expressible as a UNIX-style regular expression. Built-in policies protect all major credit card and U.S. Social Security number patterns, and new data patterns can be added at any time. Inspection for outbound leakage of these patterns can be applied to security policy on the fly.
Web site cloaking
To prevent hackers from doing reconnaissance on your web infrastructure, the Barracuda Web Application Firewall automatically strips identifying banners of web server software and version numbers out of all transactions.
While some web crawlers, such as search engines, are often desirable, you may wish to prevent all other users from downloading your entire site. The Barracuda Web Application Firewall can easily identify and allow legitimate crawlers while blocking more malicious ones.
The Barracuda Web Application Firewall features automatic fine-grain rules creation based on both HTTP requests and responses down to the level of individual HTML elements.
Application denial of service (DoS) protection
The Barracuda Web Application Firewall controls the rate of allowed resource-intensive operations, thus protecting against application-layer denial of service attacks.
By providing a full PKI infrastructure, the Barracuda Web Site Firewall can act as a Certificate Authority, including participating in a certificate trust chain.
The Barracuda Web Application Firewall fully terminates and proxies every connection to insulate each unique user session from exposure and can stamp or encrypt the session cookies. Also included to prevent cookie tampering is the ability to ensure that all hidden or read-only form fields are not changed by the user.
The Barracuda Web Application Firewall includes SSL offloading, streamlining the encryption and decryption of SSL traffic to quickly process secure online transactions without additional burden on any servers.
The Barracuda Web Site Firewall includes hardware-based SSL acceleration, offloading back-end servers from the computational burdens of encrypting and decrypting secure Web traffic.
The Barracuda Web Application Firewall includes integrated load balancing capabilities to distribute traffic among multiple back-end servers. It supports both Layer 4 and Layer 7 cookie persistence and includes support for Layer 7 content switching based on URL pattern, parameter or HTTP header fields.
When inline in bridge-path, the Ethernet hard bypass ensures reliable application delivery even with a single Barracuda Web Application Firewall. For web applications with stringent security requirements, the Barracuda Web Application Firewall may be installed in a redundant pair configuration, providing real-time application state replication so that security and user sessions will not be compromised during a failover event.
The Barracuda Web Application Firewall maintains a rich set of logs on the appliance, including system activity, web firewall activity, web services activity, network firewall activity and traditional web logs.
The Barracuda Web Application Firewall provides an easy-to-read snapshot of common application attacks, critical for securing credit card information and providing compliance to PCI DSS requirements.
Syslog support
The Barracuda Web Site Firewall forwards logs to a syslog server for centralized and persistent storage or analysis by a third party tool.
Product Highlights
In The Box
- Single point of protection for inbound and outbound traffic for all Web applications
- Protects Web sites and Web applications against application layer attacks
- Delivers best practices security right out of the box
- Monitors traffic and provides reports about attackers and attack attempts
- 100 backend servers supported
- Supports up to 100Mbps of inbound web traffic
- HTTP protocol validation
- Protection against common attacks
- Form field meta data validation
- Response control
- Granular policies to HTML elements
- Protocol limit checks
- File upload control
- Logging, monitoring and reporting
- Hardware SSL acceleration
- 1U rack mount mini chassis
- 5-year Energize Updates Subscription
- A 1hr Phone Installation Support part must be ordered with all system orders
- No per seat licensing fees
- Barracuda Web Application Firewall 660
- Rack mounting kit