When setting up Barracuda WAF-as-a-Service, it is helpful to understand the flow of traffic between Barracuda WAF-as-a-Service and your application servers.
The diagram above illustrates the following important points:
A. Barracuda Networks assigns a domain name to each application, as described in Endpoints. During setup, you will change your DNS records to point all of your application traffic to your Barracuda Networks endpoints.
B. Barracuda WAF-as-a-Service proxies your website traffic, protecting your website against attacks including OWASP Top 10, Bots, Account Take Over, and network attacks such as Distributed Denial-of-Service (DDoS).
C. Legitimate traffic is passed via your Internet link to your application servers, which process the request and return a response.
D. Barracuda WAF-as-a-Service proxies your application server’s responses, blocking sensitive information such as credit card and social security numbers, and masking information about your application server that could help attackers determine the operating system or server software you are running. It then returns the response to your users.