Barracuda Web Application Controller

Barracuda Web Application Controllers — the Barracuda Web Application Firewall and the Barracuda Application Gateway — provide superior protection against hackers’ attempts to exploit vulnerabilities in enterprise Web applications.

Unsurpassed breadth of features, real-world performance and ease of use, have earned the Barracuda Web Application Controllers numerous industry awards and praise from data center customers worldwide.

Request Eval Unit »

Barracuda Web Application Controllers proxy all of your Web site traffic, providing complete protection in front of your Web sites. Capabilities include:

• HTTP protocol compliance. At a basic level, Barracuda Web Application Controllers verify that all inbound requests comply with the HTTP specification. For example, inbound requests with more than one Content-Length header are typically the basis of HTTP request smuggling attacks; therefore they are illegal according to the HTTP specification and are blocked automatically.
• Protection against common, high-visibility attacks. Hackers can take advantage of vulnerabilities in your online Web forms to attack your applications. Barracuda Web Application Controllers protect your Web applications against SQL injections, OS command injections and cross-site scripting attacks.
• Protection against attacks based on session state. Barracuda Web Application Controllers protect your Web applications against any attacks based on session state, such as forms tampering or cookie tampering.
• Online form field validation. Through a positive security model, Barracuda Web Application Controllers can ensure that requests conform with a developer’s intention. For example, if a developer specifies that a field should contain 40 characters of text input, any attempt by an attacker to inject a Trojan or a virus will be rejected outright because it does not conform to that input pattern.
• Outbound data theft protection. In addition to inspecting the request traffic, Barracuda Web Application Controllers also inspect all outbound packets for any data pattern expressible as a UNIX-style regular expression. Built-in policies protect all major credit cards and US Social Security number patterns and new data patterns can be added at any time. Inspection for outbound leakage of these patterns can be applied to security policy on-the-fly.
• Web site cloaking. To prevent hackers from doing reconnaissance on your Web infrastructure, Barracuda Web Application Controllers automatically strip identifying banners of Web server software and version numbers out of all transactions.
• Anti-crawling. While some Web crawlers, such as search engines, are often desirable, you may wish to prevent all other users from downloading your entire site. Barracuda Web Application Controllers can easily identify and allow legitimate crawlers while blocking more malicious ones.
• Rate controls and application denial of service (DoS) protection. You can specify a performance cap for your application, above which traffic is queued. Rate controls ensure that applications are not pushed beyond their performance limits, preventing application-layer DoS.
• Advanced learning modes and fine-grained control. Barracuda Web Application Controllers feature automatic “profiling” of Web sites based on traffic passing through the system as well as automatic fine-grain rules creation based on both HTTP requests and responses down to the level of individual HTML elements.