It seems like your browser didn't download the required fonts. Please revise your security settings and try again.

Login Sign Up Contact & Support

United States – English (GMT-5)

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Barracuda WAF-as-a-Service

Overview Documentation Training Certification Materials

Email Protection

Total Email Protection

Email Gateway Defense (Email Security)

Impersonation Protection (Sentinel)

Cloud Archiving Service

Security Awareness Training (PhishLine)

Email Security Gateway

Domain Fraud Protection

Incident Response

Message Archiver

WAF-as-a-Service

Web Application Firewall

Cloud Security Guardian

Load Balancer ADC

Vulnerability Manager

Vulnerability Remediation Service

WAF Control Center

Active DDoS Prevention

CloudGen Firewall

CloudGen Access

Network Access Client

Firewall Insights

Web Security Gateway

Web Security Agent

Firewall Policy Manager

Cloud-to-Cloud Backup

RMM (Managed Workplace)

Managed Security Awareness Training (Managed Phishline)

Intronis Backup (ECHOplatform)

MSP Knowledge Base

Site Security Scanner

MSP – Partner Enablement

NextGen Firewall X

Server Backup (Yosemite)

Campus Help Center / Reference

Onboarding Portal

Network Security

Support Services

Login Sign Up Contact & Support

United States – English (GMT-5)

Understanding Traffic Flow with Barracuda WAF-as-a-Service

Last updated on 2022-04-27 14:09:54

When setting up Barracuda WAF-as-a-Service, it is helpful to understand the flow of traffic between Barracuda WAF-as-a-Service and your application servers.

The diagram above illustrates the following important points:

A. Barracuda Networks assigns a domain name to each application, as described in Endpoints. During setup, you will change your DNS records to point all of your application traffic to your Barracuda Networks endpoints.

B. Barracuda WAF-as-a-Service proxies your website traffic, protecting your website against attacks including OWASP Top 10, Bots, Account Take Over, and network attacks such as Distributed Denial-of-Service (DDoS).

C. Legitimate traffic is passed via your Internet link to your application servers, which process the request and return a response.

D. Barracuda WAF-as-a-Service proxies your application server’s responses, blocking sensitive information such as credit card and social security numbers, and masking information about your application server that could help attackers determine the operating system or server software you are running. It then returns the response to your users.

Note

Note that if your application servers are behind a network firewall performing Network Address Translation (NAT), you must configure the network firewall to expose these application servers on a public IP address. For your convenience, you can use multiple ports on the same IP address to expose multiple application servers. Make sure to configure your network firewall to only allow connections to these addresses directly from Barracuda Networks, as described in Restricting Direct Traffic.