When setting up Barracuda WAF-as-a-Service, it is helpful to understand the flow of traffic between Barracuda WAF-as-a-Service and your application servers.
The diagram above illustrates the following important points:
A. Barracuda assigns an IP Address to each application, as described in Endpoints. During setup, you will change your DNS records to point all of your application traffic to your Barracuda endpoints.
B. Barracuda WAF-as-a-Service’s Cloud Scrubbing Centers filter incoming traffic from users, blocking network attacks such as Distributed Denial-of-Service (DDoS); application attacks, such as SQL Injection and Cross-Site Scripting; and bad bots.
C. Legitimate traffic is passed via your Internet link to your application servers, which process the request and return a response.
D. Barracuda WAF-as-a-Service’s Cloud Scrubbing Centers filter your application server’s response data, blocking sensitive information such as credit card and social security numbers, and masking information about your application server that could help attackers determine the operating system or server software you are running. It then returns the response data to your users.