This article was originally published on AI Study Room. For the full version with working code examples and related articles, visit the original post.

WAF Deployment Patterns

WAF Deployment Patterns

WAF Deployment Patterns

WAF Deployment Patterns

WAF Deployment Patterns

WAF Deployment Patterns

WAF Deployment Patterns

WAF Deployment Patterns

WAF Deployment Patterns

WAF Overview

A Web Application Firewall (WAF) filters and monitors HTTP traffic between web applications and the internet. It protects against common attacks like SQL injection, XSS, and CSRF.

Inline WAF Deployment

The WAF sits directly in the request path:

ModSecurity configuration

SecRuleEngine On

SecRequestBodyAccess On

SecResponseBodyAccess On

SQL Injection prevention

SecRule REQUEST_COOKIES|REQUEST_COOKIES_NAMES|ARGS_NAMES|ARGS|XML:/* \

"/((\%27)|(\'))\s*((\%6F)|o|(\%4F))((\%72)|r|(\%52))/ix" \

"id:'981173',\

phase:2,\

deny,\

status:403,\

msg:'SQL Injection Attack'"

XSS prevention

SecRule ARGS "@detectXSS" \

"id:'958056',\

phase:2,\

deny,\

status:403,\

msg:'XSS Attack Detected'"

Reverse Proxy WAF

Deploy WAF as a reverse proxy for centralized protection:

Nginx with ModSecurity

server {

listen 443 ssl;

server_name app.example.com;

ModSecurity enabled

modsecurity on;

modsecurity_rules_file /etc/nginx/modsec/main.conf;

location / {

proxy_pass http://backend:8080;

proxy_set_header Host $host;

proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

}

}

Cloud WAF (AWS WAF)

AWS WAF with rate limiting and SQL injection protection

resource "aws_wafv2_web_acl" "main" {

name = "main-waf"

description = "Main WAF ACL"

scope = "REGIONAL"

default_action {

---

Read the full article on AI Study Room for complete code examples, comparison tables, and related resources.

Found this useful? Check out more developer guides and tool comparisons on AI Study Room.