इलेक्‍ट्रॉनिकी और सूचना प्रौद्योगिकी मंत्रालय, भारत सरकार


This Web Application Firewall solution is presently being provided at the NDCSP and Hyderabad National Data Centres of NIC. The Web Application Firewall is a prime requirement in NIC for an effective protection mechanism against web application attacks. In the course of a web application threat eventuality, a dedicated solution like Web Application Firewall (WAF) is desired to be positioned for strengthening the perimeter-level security of NIC.

The Web Application Firewall intended to be placed in the NIC would block an ever-expanding list of sophisticated web-based intrusions and attacks that target applications hosted on web servers and in the cloud. It would also help in tracking emerging attack vectors at the application level and in taking safeguarding measures to restrict the same.

Key features of security provided by WAF placed in NIC are as follows:
  • The Web Application Firewall scans all inbound web traffic to block attacks and inspects the HTTP responses from the configured back-end servers for data loss prevention (DLP).

  • The integrated access control engine enables administrators to create granular access control policies for authentication, authorization, and accounting (AAA) without having to change the application.

  • Its application acceleration delivery capabilities, like SSL offloading, load balancing, caching, compression, and connection pooling, ensure faster application delivery of the web application content.

  • Protection against common, high-visibility attacks: SQL injection, cross-site scripting, command injection, CSRF, XML attacks, and malicious file execution.

  • Protection against attacks based on session state: session hijacking, cookie tampering, and clickjacking

  • Brute Force Attack Prevention

  • Application Denial of Service (DoS) Protection: Slow Client Attack, DDoS Prevention using CAPTCHA, IP Reputation Filter

  • Data Theft Protection: Deep inspects all server responses to prevent leakage of sensitive information using provided default patterns (credit card data, social security numbers, etc.) or user-defined patterns (custom patterns).

  • Website Cloaking: Strips identifying banners of web server software and version numbers and provides customizable HTTP error handling to defeat server fingerprinting attacks (suppressing error codes and filtering headers).

  • Logging, Reporting, and Monitoring: Inbuilt reporting module; Web Firewall Logs; Access Logs; Audit Logs; Configuring Syslog.

  • Restrict the access of critical parts of an application, like CMS, to defined trusted IPs.

  • The WAF is in high-availability mode.

How to Avail the Services

Registered Cloud users may Click here and submit their Service Request (SR) to avail the above service, whereas new users ( i.e., users not yet registered for cloud ) are requested to first apply for the Cloud Registration with reference to the On-boarding procedure.

Not sure where to begin? We're here to help.

Please describe the problem you are trying to solve. The experts at NIC Cloud will help you find the right solution.