We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda WAF-as-a-Service

Understanding Traffic Flow with Barracuda WAF-as-a-Service

  • Last updated on

When setting up Barracuda WAF-as-a-Service, it is helpful to understand the flow of traffic between Barracuda WAF-as-a-Service and your application servers.



The diagram above illustrates the following important points:

A. Barracuda assigns an IP Address to each application, as described in Endpoints. During setup, you will change your DNS records to point all of your application traffic to your Barracuda endpoints.

B. Barracuda WAF-as-a-Service’s Cloud Scrubbing Centers filter incoming traffic from users, blocking network attacks such as Distributed Denial-of-Service (DDoS); application attacks, such as SQL Injection and Cross-Site Scripting; and bad bots.

C. Legitimate traffic is passed via your Internet link to your application servers, which process the request and return a response.

D. Barracuda WAF-as-a-Service’s Cloud Scrubbing Centers filter your application server’s response data, blocking sensitive information such as credit card and social security numbers, and masking information about your application server that could help attackers determine the operating system or server software you are running. It then returns the response data to your users.


Note that if your application servers are behind a network firewall performing Network Address Translation (NAT), you must configure the network firewall to expose these application servers on a public IP address. For your convenience, you can use multiple ports on the same IP address to expose multiple application servers. Make sure to configure your network firewall to only allow connections to these addresses directly from Barracuda, as described in Restricting Direct Traffic.

Last updated on