The Barracuda Web Application Firewall protects Web sites and Web applications from attackers leveraging protocol or application vulnerabilities to instigate data theft, denial of service, or defacement of an organization’s Web site. Unlike traditional network firewalls or intrusion detection systems that simply pass HTTP, HTTPS, or FTP traffic for Web applications, the Barracuda Web Application Firewall proxies this traffic and inspects it for attacks to insulate Web servers from direct access by hackers.

Comprehensive Web Site Protection
The Barracuda Web Application Firewall provides award-winning protection from all common attacks on Web applications, including SQL injections, cross-site scripting attacks, session tampering, and buffer overflows. As a full proxy, the Barracuda Web Application Firewall blocks or cloaks attacks, while preventing sensitive outbound data leakage such as credit card or Social Security numbers.

In addition, the Barracuda Web Application Firewall mitigates broken access control to applications by preventing cookie tampering and corruption of an application’s access control system. Unlike intrusion detection systems that only analyze byte patterns, the Barracuda Web Application Firewall terminates HTTP traffic on behalf of the Web server to decode character sets, remove padded spacing, and normalize against common obfuscation techniques. For added security, the Barracuda Web Application Firewall provides full PKI integration for use with client certificates to verify identities of clients accessing the Web applications.

Advanced Traffic Management and Acceleration
To minimize ongoing administration associated with protecting Web sites against application vulnerabilities, the Barracuda Web Application Firewall automatically receives Energize Updates with the latest policy, security, and attack definitions. In addition to the comprehensive security benefits, there are also application delivery capabilities such as SSL offloading, SSL acceleration, and load balancing. These capabilities are designed to improve the performance, scalability, and manageability of today’s most demanding data center infrastructures.

Policy management for granular control by user, group, IP address range or time Internet application filtering by type, IP address or bandwidth usage SSL and proxy filtering for more stringent control of Web usage Gateway malware and integrated desktop spyware protection Integrates with LDAP and NTLM-based authentication servers to detect user events and gather credentials