CacheGuard Web Gateway appliance embeds a WAF (Web Application Firewall).
Because cyber-attacks have become increasingly sophisticated, blocking threats at the IP level only with traditional firewalls is not enough to provide an acceptable level of security to Web applications. Unfortunately there are indications that most Web applications are vulnerable to content attacks and have never been tested for vulnerabilities before being put into production. The reason is simple: during development phases the major concern is to satisfy the original purpose of a Web application within the set deadline and not its security.
Best practices dictate to review the source code of Web applications from the security perspective in order to fix vulnerabilities. However not all vulnerabilities can be detected with this method and if the security is a effective concern, Web applications should be protected with a Web Application Firewall or in short a WAF. Compared to a traditional firewall that inspects the network traffic at the IP level only, a Web Application Firewall goes further and inspects the content of the Web traffic in order to reject malicious Web requests such as XSS and SQL injections.
In reverse mode (or Reverse Proxy mode), CacheGuard Web Gateway can act as a Web Application Firewall in order to protect you against data thefts, session hijackings, privacy compromises or any other threats coming from the Web. In addition, CacheGuard WAF empowered with CacheGuard Antivirus instantly blocks any attempt to the inject malware into your Web applications.
CacheGuard Web Gateway is not just a WAF but it is also a traditional Firewall, a Gateway Antivirus, a Web Proxy, a URL Guard, a Reverse Proxy, a Traffic Shaper, a Web Cache, a Web Compressor, an SSL Mediator/Inspector and much more.
Powered by ModSecurity
CacheGuard WAF is based on Apache, ModSecurity and OWASP WAF rules. If you are familiar with Linux (or BSD), complex configuration files, all tools around Apache (like ModSecurity) and have the time and patience to configure all those tools to match your requirements in terms of capacity and performance, you can probably build your WAF by yourself. Otherwise you can implement CacheGuard Web Gateway and start protecting yourself straight away.
You can learn more about CacheGuard WAF in the CacheGuard User’s Guide.