Post on 03-Jun-2018
8/12/2019 Barracuda Web Application Firewal l- Overview
1/23
Barracuda Web Application Firewall
Barracuda Web Application Firewall -
OverviewThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 HardwareDatasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
https://techlib.barracuda.com/BWAFOverview 1 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
2/23
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 2 / 23
https://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logs8/12/2019 Barracuda Web Application Firewal l- Overview
3/23
What's New in the Barracuda Web
Application FirewallThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 3 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
4/23
Deployment OptionsThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 4 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
5/23
Getting StartedThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 5 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
6/23
Securing HTTP/HTTPS TrafficThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 6 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
7/23
Web Services and XML Firewall ProtectionThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 7 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
8/23
Advanced SecurityThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 8 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
9/23
Application DDoS Attack ProtectionThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 9 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
10/23
Tuning Security RulesThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 10 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
11/23
8/12/2019 Barracuda Web Application Firewal l- Overview
12/23
Traffic ManagementThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 12 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
13/23
Logging, Reporting and MonitoringThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 13 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/Mitigating+Website+Vulnerabilities+using+Vulnerability+Scannershttps://techlib.barracuda.com/display/BWAFv76/System+Log+Messageshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Syslog+and+other+Logshttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_Rest_API_Version_1.pdfhttps://techlib.barracuda.com/display/BWAFv76/Logging%2C+Reporting+and+Monitoringhttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Rate+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+Caching+and+Compressionhttps://techlib.barracuda.com/display/BWAFv76/Load+Balancing+Overviewhttps://techlib.barracuda.com/display/BWAFv76/Access+Controlhttps://techlib.barracuda.com/display/BWAFv76/Configuring+User+Defined+Patternshttps://techlib.barracuda.com/display/BWAFv76/Enabling+Data+Theft+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Configuring+IP+Reputation+Filterhttps://techlib.barracuda.com/display/BWAFv76/Configuring+DDoS+Policyhttps://techlib.barracuda.com/display/BWAFv76/Slow+Client+Attack+Preventionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Brute+Force+Protectionhttps://techlib.barracuda.com/display/BWAFv76/Enabling+Clickjacking+Protection+for+a+Servicehttps://techlib.barracuda.com/display/BWAFv76/How+to+Secure+HTTP+Cookieshttps://techlib.barracuda.com/display/BWAFv76/How+to+Configure+Adaptive+Profilinghttps://techlib.barracuda.com/display/BWAFv76/Enabling+Antivirus+Protection+for+File+Uploads+and+Downloadshttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdf8/12/2019 Barracuda Web Application Firewal l- Overview
14/23
High AvailabilityThe Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that
target applications hosted on web servers and in the cloud. The Barracuda Web Application Firewall scans all inbound web
traffic to block attacks, and inspects the HTTP responses from the configured back-end servers for Data Loss Prevention
(DLP). The integrated access control engine enables administrators to create granular access control policies for
Authentication, Authorization & Accounting (AAA) without having to change the application. The onboard L4/L7 Load
Balancing capabilities enable organizations to quickly add back-end servers to scale deployments as they grow. Its
application acceleration capabilities like SSL Offloading, caching, compression, and connection pooling ensures faster
application delivery of the web application content.
The Barracuda Web Application Firewall is available in multiple models and can be used to securely deploy applications of
any size. For information on available models, refer Barracuda Web Application Firewall Datasheetand 860/960 Hardware
Datasheet.
Where to Start
Learn about your Deployment Options.
If you have the Barracuda Web Application Firewall Vx virtual machine, start here: Virtual Deployment .
If you have the Barracuda Web Application Firewall appliance, start here: Getting Started.
Alternatively, you can download the Barracuda Web Application Firewall Quick Start Guide.
Key Features
Protection against common, high-visibility attacks SQL injection, Cross Site Scripting, Command injection, CSRF, XML
attacks, Antivirus Protection, Adaptive Profiling
Protection against attacks based on session state Session Hijacking, Cookie Tampering, Clickjacking
Brute Force Attack Prevention
Application denial of service (DoS) protection Slow Client Attack, DDoS Preventionusing CAPTCHA, IP Reputation Filter
Data Theft Protection Deep inspects all server responses to prevent leakage of sensitive information using provided
default patterns (credit card data, social security numbers, etc.) or User Defined Patterns(Custom Patterns).
Website Cloaking Strips identifying banners of web server software and version numbers and provides customizable
HTTP error handling to defeat server fingerprinting attacks (Suppressing error codes and filtering headers).
Access Control Form and Basic Authentication and Single Sign On with integrations into LDAP, RADIUS, CA SiteMinder,
RSA SecurID, Kerberos, SMS Passcode
Application Delivery Load Balancing, Caching and Compression, SSL Offloading, Rate Control
Logging, Reporting and Monitoring Inbuilt reporting module, Web Firewall Logs, Access Logs, Audit Logs, Configuring
Syslog
Additional Resources
Barracuda Web Application Firewall REST API Guide
Configuring Syslog and other Logs
System Log Messages
Mitigating Website Vulnerabilities using Vulnerability Scanners
https://techlib.barracuda.com/BWAFOverview 14 / 23
https://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://www.barracuda.com/assets/docs/Datasheets/Barracuda_Web_Application_Firewall_800-900_Hardware_DS_US.pdfhttps://techlib.barracuda.com/display/BWAFv76/Deployment+Optionshttps://techlib.barracuda.com/display/BWAFv76/Virtual+Deploymenthttps://techlib.barracuda.com/display/BWAFv76/Getting+Startedhttps://techlib.barracuda.com/attachments/download/BWAFv76/4259932/Barracuda_Web_Application_Firewall_QSG.pdfhttps://techlib.barracuda.com/display/BWAFv76/Web+Services+and+XML+Firewall+Protectionhttps://techlib