Web application firewalls (WAF)
Web application firewalls (WAF) are an evolving information security technology designed to protect web sites from attack. WAF solutions are capable of preventing attacks that network firewalls and intrusion detection systems can't, and they do not require modification of application source code.
A WAF protects a web application by controlling its input and output and the access to and from the application. Running as an appliance, server plug-in or cloud-based service, a WAF inspects every HTTP, HTTPS, SOAP and XML-RPC message. Through customizable inspection it is able to prevent attacks such as XSS, SQL injection, session hijacking and buffer overflows, which network firewalls and intrusion detection systems are often not capable of stopping. A WAF is also able to detect and prevent new, previously unknown attacks by watching for anomalous patterns in the traffic.
Capabilities typically found in a WAF:
- Full support for HTTP:
  - Access to individual fields (field content, length, field count, etc.).
  - Entire transaction (both request and response).
  - Anti-evasion features (also known as normalisation/canonicalisation/transformation features).
- TCP/IP resets (connection)
- Blocking via external device
- IP address data
- Hidden field protection
- Session management protection:
  - Enforce session duration timeout and inactivity timeout.
  - Virtualise session management.
  - Prevent hijacking, or at least warn about it.
- Request flow enforcement
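The first two HTTP capabilities in the list, per-field access and anti-evasion normalisation, are easiest to understand when the inspection pipeline is spelled out. The following Python is an added example written for this page, not code from any WAF product: the rule patterns, the field limits and the sample requests are all constructed, and the detection signatures are deliberately simple so that the effect of canonicalising a value before matching it is visible. Without the `normalise` step, double URL-encoding, full-width Unicode characters and SQL inline comments each slip past the same patterns.

```python
"""Per-field inspection with anti-evasion normalisation, as a WAF applies it.

Constructed example for illustration: the signatures, limits and requests
below are made up and are not taken from any real WAF rule set.
"""
import re
import unicodedata
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed signatures, intentionally simple: the point is what normalisation
# does to the input before these run, not the quality of the patterns.
SQLI_PATTERN = re.compile(
    r"\bunion\b\s+(?:all\s+)?\bselect\b|'\s*or\s*'?\d+'?\s*=\s*'?\d+", re.I)
XSS_PATTERN = re.compile(r"<\s*script\b|on\w+\s*=", re.I)

# Constructed per-field limits: the kind of check that "access to individual
# fields (content, length, field count)" makes possible.
MAX_FIELD_LEN = 256
MAX_FIELD_COUNT = 50


def normalise(value: str, max_rounds: int = 3) -> str:
    """Canonicalise one field value before any signature is matched.

    Steps: repeated URL-decoding (so %2527 becomes a quote, not a literal
    %27), Unicode NFKC folding (full-width letters and brackets become
    ASCII), NUL removal, removal of SQL inline comments used to split
    keywords, and whitespace compression.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = unicodedata.normalize("NFKC", value)
    value = value.replace("\x00", "")
    value = re.sub(r"/\*.*?\*/", " ", value)  # /**/ between keywords -> one space
    value = re.sub(r"\s+", " ", value)         # tabs, newlines, runs of spaces
    return value.strip()


def inspect_request(url: str, body: str = "") -> list[str]:
    """Inspect query-string and form-body fields; return findings ([] = pass)."""
    findings: list[str] = []
    query = urlsplit(url).query
    # parse_qsl performs the first URL-decode; normalise() handles any further layers.
    fields = (parse_qsl(query, keep_blank_values=True)
              + parse_qsl(body, keep_blank_values=True))
    if len(fields) > MAX_FIELD_COUNT:
        findings.append(f"field count {len(fields)} exceeds {MAX_FIELD_COUNT}")
    for name, raw in fields:
        if len(raw) > MAX_FIELD_LEN:
            findings.append(f"{name}: length {len(raw)} exceeds {MAX_FIELD_LEN}")
        canon = normalise(raw)
        if SQLI_PATTERN.search(canon):
            findings.append(f"{name}: SQL injection pattern")
        if XSS_PATTERN.search(canon):
            findings.append(f"{name}: XSS pattern")
    return findings


if __name__ == "__main__":
    # Constructed requests: three evasion attempts and one benign search.
    samples = [
        ("/search?q=%2527%2520or%25201%253D1", ""),             # double URL-encoding
        ("/search?q=%EF%BC%9Cscript%EF%BC%9Ealert(1)", ""),      # full-width < and >
        ("/login", "user=1'%20UNION/**/SELECT%20password%20FROM%20users&pw=x"),
        ("/search?q=union+station+select+hotels", ""),           # benign
    ]
    for url, body in samples:
        print(url, body, "->", inspect_request(url, body) or "pass")
```

Each evasion above is caught only because `normalise` runs first; matching the raw value against the same two patterns would pass all three. The benign search shows the other half of the trade-off: normalisation must not turn ordinary text into a match, which is why the patterns key on keyword sequences rather than single words.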
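Hidden field protection is listed above without explanation; the usual mechanism is that the WAF records the hidden fields the application emits in a response form, attaches a keyed signature to the form, and rejects a later request in which those fields have been changed or the signature is missing. The following Python is an added example written for this page, not the code of any WAF: the form, the `__waf_sig` field name, the HTML extraction regexes and the secret are all constructed, and the signature is an HMAC over the sorted name/value pairs plus the list of protected names, so the check is stateless.

```python
"""Hidden field protection: sign hidden form fields on the way out, verify on the way back.

Constructed example for illustration; not taken from any real WAF. The
form, the signature field name and the secret are made up.
"""
import hashlib
import hmac
import json
import re
from urllib.parse import parse_qsl, quote

SIG_FIELD = "__waf_sig"  # constructed name of the field that carries the signature

# Minimal extraction of <input type="hidden" ...> tags; enough for the constructed form below.
HIDDEN_RE = re.compile(r'<input[^>]*type=["\']hidden["\'][^>]*>', re.I)
ATTR_RE = re.compile(r'(\w+)=["\']([^"\']*)["\']')

# Constructed response body: the application trusts item_id and price to come back unchanged.
FORM = ('<form method="post" action="/checkout">'
        '<input type="hidden" name="item_id" value="1042">'
        '<input type="hidden" name="price" value="49.99">'
        '<input type="text" name="qty" value="1">'
        '</form>')


def _sign(secret: bytes, items: list[tuple[str, str]]) -> str:
    """HMAC-SHA256 over a canonical, unambiguous encoding of the (name, value) pairs."""
    canon = json.dumps(sorted(items), separators=(",", ":")).encode()
    return hmac.new(secret, canon, hashlib.sha256).hexdigest()


def protect_response(secret: bytes, html: str) -> str:
    """Outbound: collect hidden field name/value pairs and append a signature field to the form."""
    hidden = []
    for tag in HIDDEN_RE.findall(html):
        attrs = dict(ATTR_RE.findall(tag))
        if "name" in attrs:
            hidden.append((attrs["name"], attrs.get("value", "")))
    names = ",".join(n for n, _ in hidden)
    token = f"{names}.{_sign(secret, hidden)}"   # which fields are covered + the MAC over them
    sig_input = f'<input type="hidden" name="{SIG_FIELD}" value="{token}">'
    return html.replace("</form>", sig_input + "</form>", 1)


def verify_request(secret: bytes, body: str) -> tuple[bool, str]:
    """Inbound: recompute the MAC over the covered fields as submitted; (ok, reason)."""
    fields = dict(parse_qsl(body, keep_blank_values=True))
    token = fields.pop(SIG_FIELD, None)
    if token is None or "." not in token:
        return False, "signature field missing"
    names, sig = token.rsplit(".", 1)
    # A dropped field verifies as "" and therefore fails, like a changed one.
    items = [(n, fields.get(n, "")) for n in names.split(",") if n]
    if not hmac.compare_digest(sig, _sign(secret, items)):
        return False, "hidden field tampered"
    return True, "ok"


def demo() -> tuple[tuple[bool, str], tuple[bool, str], tuple[bool, str]]:
    """Constructed round trip: honest submission, altered price, signature stripped."""
    secret = b"constructed-waf-secret"
    html = protect_response(secret, FORM)
    token = re.search(rf'name="{SIG_FIELD}" value="([^"]*)"', html).group(1)
    honest = f"item_id=1042&price=49.99&qty=2&{SIG_FIELD}={quote(token)}"
    tampered = f"item_id=1042&price=0.01&qty=2&{SIG_FIELD}={quote(token)}"
    stripped = "item_id=1042&price=0.01&qty=2"
    return (verify_request(secret, honest),
            verify_request(secret, tampered),
            verify_request(secret, stripped))


if __name__ == "__main__":
    for label, result in zip(("honest", "tampered", "stripped"), demo()):
        print(f"{label}: {result}")
```

The design choice worth noting is that the token carries the list of covered names: a client cannot shrink the set of protected fields without invalidating the MAC, and the WAF needs no per-session memory of which fields it signed. A real deployment would scope the key per application and rotate it; both are outside this illustration.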
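The session management items (duration timeout, inactivity timeout, virtualised sessions, hijack warning) fit together in one small component. The following Python is an added example written for this page, not any WAF's implementation: `SessionGuard`, its verdict strings, the fingerprint scheme and the sample traffic are all constructed. The WAF hands the browser its own opaque token and keeps the application's real session cookie server-side (the "virtualised" part), enforces both timeouts on every request, and flags a token that reappears from a client whose IP address and User-Agent no longer match the fingerprint recorded at creation.

```python
"""Session management protection at the WAF layer.

Constructed example for illustration; not taken from any real WAF. Verdict
names, timeout values and the sample client addresses (RFC 5737 ranges)
are made up.
"""
import hashlib
import hmac
import secrets
import time


class SessionGuard:
    """Maps opaque WAF tokens to backend sessions and enforces session policy."""

    def __init__(self, secret: bytes, max_duration: float = 8 * 3600, max_idle: float = 15 * 60):
        self._secret = secret
        self.max_duration = max_duration   # absolute lifetime, seconds
        self.max_idle = max_idle           # allowed gap between requests, seconds
        self._sessions: dict[str, dict] = {}

    def _fingerprint(self, client_ip: str, user_agent: str) -> str:
        # Keyed so the stored fingerprint reveals nothing about the client if leaked.
        data = f"{client_ip}|{user_agent}".encode()
        return hmac.new(self._secret, data, hashlib.sha256).hexdigest()

    def create(self, backend_cookie: str, client_ip: str, user_agent: str, now: float | None = None) -> str:
        """Called when the application sets its session cookie; returns the token the browser gets instead."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {
            "backend": backend_cookie,
            "created": now,
            "last_seen": now,
            "fp": self._fingerprint(client_ip, user_agent),
        }
        return token

    def check(self, token: str, client_ip: str, user_agent: str, now: float | None = None):
        """Validate a request's token; returns (verdict, backend_cookie_or_None).

        Verdicts: "ok", "unknown", "expired" (duration timeout),
        "idle" (inactivity timeout), "hijack_suspected" (fingerprint changed).
        """
        now = time.time() if now is None else now
        rec = self._sessions.get(token)
        if rec is None:
            return "unknown", None
        if now - rec["created"] > self.max_duration:
            del self._sessions[token]
            return "expired", None
        if now - rec["last_seen"] > self.max_idle:
            del self._sessions[token]
            return "idle", None
        if not hmac.compare_digest(rec["fp"], self._fingerprint(client_ip, user_agent)):
            # Policy choice: invalidate. A "warn only" deployment would log and return "ok".
            del self._sessions[token]
            return "hijack_suspected", None
        rec["last_seen"] = now
        return "ok", rec["backend"]


def simulate() -> list[str]:
    """Constructed traffic sequence with fixed timestamps; returns the verdicts in order."""
    guard = SessionGuard(b"constructed-secret", max_duration=3600, max_idle=600)
    verdicts = []
    t1 = guard.create("JSESSIONID=abc", "203.0.113.5", "UA/1.0", now=1000)
    verdicts.append(guard.check(t1, "203.0.113.5", "UA/1.0", now=1100)[0])   # ok
    verdicts.append(guard.check(t1, "203.0.113.5", "UA/1.0", now=1800)[0])   # idle (700 s gap)
    verdicts.append(guard.check(t1, "203.0.113.5", "UA/1.0", now=1801)[0])   # unknown (removed)
    t2 = guard.create("JSESSIONID=def", "203.0.113.5", "UA/1.0", now=2000)
    verdicts.append(guard.check(t2, "198.51.100.9", "UA/1.0", now=2010)[0])  # hijack_suspected
    t3 = guard.create("JSESSIONID=ghi", "203.0.113.5", "UA/1.0", now=3000)
    verdicts.append(guard.check(t3, "203.0.113.5", "UA/1.0", now=3300)[0])   # ok
    verdicts.append(guard.check(t3, "203.0.113.5", "UA/1.0", now=7000)[0])   # expired (4000 s > 3600)
    return verdicts


if __name__ == "__main__":
    print(simulate())
```

The fingerprint check is what turns "prevent hijacking or at least warn about it" into something concrete, and its weakness is also concrete: mobile clients change address legitimately, so many deployments log a mismatch rather than drop the session. The duration check runs before the idle check so that a long-lived session reports "expired" rather than "idle" when both apply.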