HTTP & Https

A Web Application Firewall (WAF) like F5 ASM can protect HTTP applications by detecting and preventing various attacks, but its effectiveness is limited due to the unencrypted nature of HTTP. While WAFs can enforce security policies and block malicious traffic, they cannot secure data in transit, ensure session security, or provide integrity assurance. For comprehensive security, it is recommended to use WAF in conjunction with HTTPS to protect data confidentiality and compliance.

Uploaded by

Mati Chala

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

0% found this document useful (0 votes)

11 views3 pages

HTTP & Https

Uploaded by

Mati Chala

We take content rights seriously. If you suspect this is your content, claim it here.

Available Formats

Download as PDF, TXT or read online on Scribd

You are on page 1/ 3

Yes, a Web Application Firewall (WAF) like F5 ASM is technically capable of protecting applications

served over HTTP, but its effectiveness is limited by the inherent weaknesses of the HTTP protocol.

✅ Can a WAF Protect HTTP?

Yes — WAFs can inspect and enforce security policies on HTTP traffic, including:
Detection/prevention of attacks like:
SQL Injection (SQLi)
Cross-site Scripting (XSS)
Cross-site Request Forgery (CSRF)
Command injection, etc.
Enforcing rules based on:
URI patterns
Headers
Request body parameters
Cookies
User agents
Rate limiting, IP blocking, bot protection, and other L7 controls

WAF does not rely on encryption to apply these rules — it only needs access to the application-layer
traffic, which is readily available in HTTP.

🔍 How Effective Is It Compared to HTTPS?

🔴 1. Exposure to Interception (WAF Can’t Help Here)
HTTP traffic is unencrypted, so:
Attackers can intercept and read data (including usernames/passwords).
Session hijacking is easier via packet sniffing or MITM attacks.
Sensitive headers (e.g., cookies) can be stolen.

🛡️ WAF protects the app, not the network or transmission layer — so it cannot protect against
threats introduced between client and server.
🔴 2. Authentication & Session Security
HTTP exposes login credentials and session tokens during transit.
WAF cannot encrypt or secure these on its own.

⚠️ 3. No Integrity Assurance
With HTTP, there's no cryptographic verification that traffic was altered.
An attacker in the middle can tamper with the request/response.
WAF may see the tampered request after it's already compromised.

✅ 4. WAF's Strengths Still Apply

WAF can block malicious payloads, malformed requests, protocol abuse.
It still offers:
Signature-based blocking
Behavioral anomaly detection
Virtual patching
Geo IP filtering

But its protection stops at the application layer, and it doesn’t encrypt or hide data in transit.

🧭 Conclusion
Criteria HTTP + WAF HTTPS + WAF

L7 Attack Protection ✅ Effective ✅ Effective

Data Confidentiality ❌ Not protected ✅ Protected

Session Security ❌ At risk ✅ Protected

Criteria HTTP + WAF HTTPS + WAF

Integrity Assurance ❌ None ✅ Built-in

Compliance Support ❌ Often fails audits ✅ Meets most standards

📌 Final Recommendation:
WAF can protect HTTP traffic, but it’s only half the solution.
For full security and compliance:
Use WAF with HTTPS.
Enable SSL offloading or bridging on your F5.
Use internal SSL if apps are internal-only.

Bypassing Web Application Firewall Workshop Ebook
100% (1)
Bypassing Web Application Firewall Workshop Ebook
85 pages
Web Application Firewall (WAF)
No ratings yet
Web Application Firewall (WAF)
11 pages
Blockchain Unconfirmed Transaction Hack Scripttxt
100% (1)
Blockchain Unconfirmed Transaction Hack Scripttxt
5 pages
WAFFLE - A Web Application Firewall That Defies Rules
No ratings yet
WAFFLE - A Web Application Firewall That Defies Rules
58 pages
Web Application Firewalls For Dummies
No ratings yet
Web Application Firewalls For Dummies
35 pages
WAF Evasion Techniques
No ratings yet
WAF Evasion Techniques
9 pages
5 Ways I Bypassed Your Web Application Firewall (WAF)
100% (1)
5 Ways I Bypassed Your Web Application Firewall (WAF)
18 pages
Indian Army Cyber Shakti IT CTF 2025 POC - Walkthrough
No ratings yet
Indian Army Cyber Shakti IT CTF 2025 POC - Walkthrough
8 pages
Web Firewall Setup Guide
No ratings yet
Web Firewall Setup Guide
188 pages
WAF (Web Application Firewall)
100% (1)
WAF (Web Application Firewall)
5 pages
Web Application Firewall Guide
No ratings yet
Web Application Firewall Guide
15 pages
Vulnerability and Penetration Testing
No ratings yet
Vulnerability and Penetration Testing
30 pages
F5 BIG-IP ASM - AWAF Administration (Feb, 2023) 1
No ratings yet
F5 BIG-IP ASM - AWAF Administration (Feb, 2023) 1
473 pages
What Is WAF - Definition, Functions, and Types
No ratings yet
What Is WAF - Definition, Functions, and Types
6 pages
Web Application Firewall Insights
No ratings yet
Web Application Firewall Insights
14 pages
Traffic Shield: Rainer Singer
No ratings yet
Traffic Shield: Rainer Singer
30 pages
We Already Have Existing Protection Solutions, What Value Does F5 Add?
No ratings yet
We Already Have Existing Protection Solutions, What Value Does F5 Add?
2 pages
Cybersecurity Public Policy - Bradley Fowler Kennedy Maranga
No ratings yet
Cybersecurity Public Policy - Bradley Fowler Kennedy Maranga
201 pages
Designing Security Cheat Sheet For Mod Security Firewall Tool
No ratings yet
Designing Security Cheat Sheet For Mod Security Firewall Tool
5 pages
Web App Firewall: SQL Injection Defense
No ratings yet
Web App Firewall: SQL Injection Defense
21 pages
Hillstone W Series V3.5 en
No ratings yet
Hillstone W Series V3.5 en
5 pages
Introduction To Web Application Firewalls: Dustin Anders
No ratings yet
Introduction To Web Application Firewalls: Dustin Anders
42 pages
Gartner - Magic Quadrant For WAF
No ratings yet
Gartner - Magic Quadrant For WAF
41 pages
4waf - Web Application Firewall
No ratings yet
4waf - Web Application Firewall
5 pages
WEB APP Firewall
No ratings yet
WEB APP Firewall
7 pages
WAF (Web Application Firewall)
No ratings yet
WAF (Web Application Firewall)
11 pages
Web Application Fire Wall 1
No ratings yet
Web Application Fire Wall 1
2 pages
WAF Configuration Guide
No ratings yet
WAF Configuration Guide
187 pages
What Is WAF
No ratings yet
What Is WAF
4 pages
UpdatedMicrosoftSC 900ExamQuestionsAnswersPDFfor2024
No ratings yet
UpdatedMicrosoftSC 900ExamQuestionsAnswersPDFfor2024
6 pages
F5 Advanced WAF: Key Benefits
No ratings yet
F5 Advanced WAF: Key Benefits
2 pages
Context API
No ratings yet
Context API
7 pages
SlidesGo-Web Application Firewall
No ratings yet
SlidesGo-Web Application Firewall
14 pages
Bandwidth - Bot Protection - Proactive Monitoring
No ratings yet
Bandwidth - Bot Protection - Proactive Monitoring
5 pages
Web Security
No ratings yet
Web Security
12 pages
Chuong03 WebApplicationFirewall
No ratings yet
Chuong03 WebApplicationFirewall
40 pages
BH US 12 Ristic Protocol Level WP
No ratings yet
BH US 12 Ristic Protocol Level WP
18 pages
NSFOCUS WAF Datasheet2
No ratings yet
NSFOCUS WAF Datasheet2
5 pages
Waf or Ips?: Info Brief
No ratings yet
Waf or Ips?: Info Brief
2 pages
IOTC Asynchronous
No ratings yet
IOTC Asynchronous
3 pages
Profile On Temperate Fruit Tree Seedling Multiplication
No ratings yet
Profile On Temperate Fruit Tree Seedling Multiplication
21 pages
Profile On Candle
100% (1)
Profile On Candle
18 pages
Lecture 7
No ratings yet
Lecture 7
48 pages
Progress Report Dipti
No ratings yet
Progress Report Dipti
42 pages
5 Tools To Manage Your Money Efficiently
No ratings yet
5 Tools To Manage Your Money Efficiently
9 pages
Questions
No ratings yet
Questions
43 pages
Cryptography 32 Page-5
No ratings yet
Cryptography 32 Page-5
1 page
Web Application Firewalls: Defense in Depth For Your Web Infrastructure
No ratings yet
Web Application Firewalls: Defense in Depth For Your Web Infrastructure
6 pages
6 Excellent Tips by Warren Buffett
No ratings yet
6 Excellent Tips by Warren Buffett
8 pages
3concept of Software Usability
No ratings yet
3concept of Software Usability
30 pages
Raid Forensics
No ratings yet
Raid Forensics
24 pages
OWASPAppSecEU2006 WAFs WhenAreTheyUseful
No ratings yet
OWASPAppSecEU2006 WAFs WhenAreTheyUseful
44 pages
Wafmanis sp24
No ratings yet
Wafmanis sp24
18 pages
Web Security for Developers
No ratings yet
Web Security for Developers
36 pages
Web Application Firewall To Protect Against Web Application Vulnerabilities: A Survey and Comparison
No ratings yet
Web Application Firewall To Protect Against Web Application Vulnerabilities: A Survey and Comparison
4 pages
See How We Stacked Up!-1
No ratings yet
See How We Stacked Up!-1
66 pages
Now Tech Web Application
No ratings yet
Now Tech Web Application
17 pages
Final Zachman and TOGAF Enterprise Framework
100% (1)
Final Zachman and TOGAF Enterprise Framework
12 pages
Windows Logon Types for SOC Analysts
No ratings yet
Windows Logon Types for SOC Analysts
28 pages
Students File Management System
No ratings yet
Students File Management System
25 pages
Grandstream Networks, Inc.: UCM Series IP PBX
No ratings yet
Grandstream Networks, Inc.: UCM Series IP PBX
28 pages
Show Demo Slides
No ratings yet
Show Demo Slides
16 pages
Habits of The Top 1%
No ratings yet
Habits of The Top 1%
12 pages
What Is Web Application Firewall
No ratings yet
What Is Web Application Firewall
30 pages
Chatbots: Revolutionizing Business
No ratings yet
Chatbots: Revolutionizing Business
28 pages
Home Automation Using IoT
No ratings yet
Home Automation Using IoT
21 pages
05 Introduction WAF
No ratings yet
05 Introduction WAF
2 pages
Digital Ad Performance Audit
No ratings yet
Digital Ad Performance Audit
12 pages
f5 Distributed Cloud Services Base Package 250528 084337
No ratings yet
f5 Distributed Cloud Services Base Package 250528 084337
6 pages
108 Maturity Essay
No ratings yet
108 Maturity Essay
2 pages
Lecture 18 IS BSE 7A SMI Fall 2024
No ratings yet
Lecture 18 IS BSE 7A SMI Fall 2024
32 pages
Mahek Reasearch PPR
No ratings yet
Mahek Reasearch PPR
5 pages
How To Spy Whatsapp in A Few Easy Steps
No ratings yet
How To Spy Whatsapp in A Few Easy Steps
9 pages
Facebook Data Privacy Scandal Analysis
100% (3)
Facebook Data Privacy Scandal Analysis
1 page
Discovering Public Domain Books
No ratings yet
Discovering Public Domain Books
399 pages
7 Habits for Effective Learning
No ratings yet
7 Habits for Effective Learning
11 pages
Airtel Setting Modem
No ratings yet
Airtel Setting Modem
1 page
Network Protocols and Architecture: (Application Layer and Services)
No ratings yet
Network Protocols and Architecture: (Application Layer and Services)
15 pages
CHO Cloud Computing
No ratings yet
CHO Cloud Computing
8 pages
Domain Name - Wikipedia
No ratings yet
Domain Name - Wikipedia
12 pages
WEB Application FIreWalll
No ratings yet
WEB Application FIreWalll
7 pages
4.1 Web Application Vulnerabilities - OWASP - ZSS
No ratings yet
4.1 Web Application Vulnerabilities - OWASP - ZSS
20 pages
Bosch Whitepaper Data Security
No ratings yet
Bosch Whitepaper Data Security
8 pages
Web Application Firewall Evaluation Criteria
No ratings yet
Web Application Firewall Evaluation Criteria
22 pages
Pervasive
No ratings yet
Pervasive
3 pages
Cryptography: Concepts & Types
No ratings yet
Cryptography: Concepts & Types
3 pages
Evading All Web-Application Firewalls Xss Filters: September 2015
No ratings yet
Evading All Web-Application Firewalls Xss Filters: September 2015
19 pages
Waf - Study
No ratings yet
Waf - Study
12 pages
20131119-Bader Security Operating Procedures-U-Logs4 PDF
No ratings yet
20131119-Bader Security Operating Procedures-U-Logs4 PDF
4 pages
Managing Active Directory in A Hybrid Environment
No ratings yet
Managing Active Directory in A Hybrid Environment
30 pages
How Big Are Porn Video Sites
No ratings yet
How Big Are Porn Video Sites
12 pages
Cindy Lee Resume May2013
No ratings yet
Cindy Lee Resume May2013
1 page
FTP Server: Phd. Alcides Montoya Canola, Est. Carlos Andres Ballesteros Universidad Nacional de Colombia - Sede Medellin
No ratings yet
FTP Server: Phd. Alcides Montoya Canola, Est. Carlos Andres Ballesteros Universidad Nacional de Colombia - Sede Medellin
5 pages
Where's The Movie Theater?: 1. Pre-Listening Exercises
No ratings yet
Where's The Movie Theater?: 1. Pre-Listening Exercises
3 pages
Day 2
No ratings yet
Day 2
37 pages
Retail Internet Banking FAQs New
No ratings yet
Retail Internet Banking FAQs New
3 pages
Cbse Class 10 Fit Book PDF
No ratings yet
Cbse Class 10 Fit Book PDF
2 pages
206 Request For Approval of Master'S Thesis Topic: Personal Data
No ratings yet
206 Request For Approval of Master'S Thesis Topic: Personal Data
1 page
WAF Evasion Techniques
No ratings yet
WAF Evasion Techniques
12 pages
ICND1 Exam Topics - The Cisco Learning Network
No ratings yet
ICND1 Exam Topics - The Cisco Learning Network
1 page
Firewalls and Web Security
No ratings yet
Firewalls and Web Security
1 page
IP Camera Security Risks
No ratings yet
IP Camera Security Risks
9 pages
Nordstrom Case Analysis: Dissension
No ratings yet
Nordstrom Case Analysis: Dissension
2 pages
Software မ်ားကို Crack လုပ္နည္းမ်ိဳးစံု
No ratings yet
Software မ်ားကို Crack လုပ္နည္းမ်ိဳးစံု
3 pages
Multiple Choice Test Template
No ratings yet
Multiple Choice Test Template
4 pages