Forum Discussion

mElhoussini_204's avatar
mElhoussini_204
Icon for Nimbostratus rankNimbostratus
Aug 28, 2015

Server - Server integration through WAF

Hi,

 

our company requires integration with other companies servers (web based).

 

is that recommended to pass SVR-SVR traffic through WAF and apply SSL-offloading ? or WAF and SSL-offloading used in client-SVR traffic ? I'm just asking about the best practice and the common method.

 

1 Reply

  • If your organization is sending traffic to other web-servers, then I would not do any WAF. The WAF is protecting the final web-servers from any potential attacks within the http content.

     

    In this case, the web-servers are in another 3rd party organization. You would end up using your resources to sanitize/secure the http requests sent to those servers.

     

    So I would not do it.

     

    Having said that, there might be situations in which you might want it for response validations for information leakage, etc.

     

    cheers.