With cybercriminal attacks on the rise, organizations need to do more than ever to mitigate risks to their applications on the web. Application security is a multifaceted and ever-changing task and must be applied at multiple levels of the infrastructure that serves applications. Security must be provided on the network before requests reach the backend application servers, and Progress has the experience and the tools you need to do this. Deploying Progress® MOVEit® WAF with the Web Application Firewall (WAF) enabled as part of your network infrastructure helps deliver in-depth security for your web servers and applications.

The WAF enables secure deployment of web applications, preventing Layer 7 attacks while maintaining core load balancing services, ensuring comprehensive application delivery and security. WAF functionality directly augments the MOVEit WAF’s existing security features to create a layered defense for web applications - enabling a safe, compliant, and productive use of published services.

Note: WAF is only available on certain subscriptions. Please contact a Progress representative if needed.

When WAF is enabled, the WAF engine scans every incoming HTTP packet – running through each assigned rule individually and deciding what action to take if a rule is triggered. The rules can be run on requests and responses.

WAF can protect against attacks, such as:

  • SQL Injection

  • Cross-Site Scripting (XSS)

  • Unvalidated redirects and forwards

  • Missing function-level access control

  • Sensitive data exposure

Document Purpose

The purpose of this document is to describe the WAF features and provide step-by-step instructions on how to configure the WAF settings in MOVEit WAF.