# Introduction to Link11 WAAP

## Welcome!

Link11 offers an all-in-one WAAP platform. It includes a next-gen Web Application Firewall (WAF), autoscaling Denial of Service (DoS)/Distributed Denial of Service (DDoS) protection, advanced bot management, real-time traffic monitoring & control, full historical logs & analytics, and more. 

Link11 WAAP runs on the customer’s clouds of choice, whether the Link11 Network and Web Security solution, or any of the top-tier public cloud providers (AWS, Azure, and GCP). It protects web applications, services and microservices, and API endpoints.

## Platform overview 

L11WAAP deploys as a reverse proxy, continually analyzing incoming traffic. Benign traffic is passed through to the customer's origin, while hostile traffic is blocked and denied access. 

The platform's overall architecture is as follows: 

<figure><img src="https://2966474948-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FcxktceFryDnM5HLHONr8%2Fuploads%2FNzJgD3Ft7RPTmEr821tV%2FArchitecture-generic.png?alt=media&#x26;token=30899e9a-a841-4d97-a6f2-ba3e05a5c901" alt=""><figcaption></figcaption></figure>

### Cloud-based web security

* L11WAAP deploys and runs in the customer's choice of clouds, whether private (Link11) or public (AWS, GCP, or Azure).&#x20;
* All incoming traffic is routed through L11WAAP and scrubbed as it passes through. Latency is negligible (generally 1.5 milliseconds or less).&#x20;
* Hostile traffic is blocked before it reaches the protected network. Legitimate traffic has normal access to the requested resources.&#x20;
* Attackers cannot reach, or even find, the targeted web platform.
* Bandwidth, compute, and other resources scale automatically as needed.&#x20;
* Remote management ensures minimal obligations (of time or expertise) from onsite staff.
* L11WAAP supports various methods of authentication such as Basic, Digest, and Kerberos. (Note that NTLM cannot work with reverse proxies, and thus L11WAAP does not support NTLM sites/applications.)&#x20;

### Full integration

L11WAAP is integrated with, and runs natively on, multiple cloud platforms. It leverages the advantages of each. Examples:

* When L11WAAP runs on Link11, customers can use Secure CDN, Link11 load balancing, Infrastructure DDoS for offloading Layer 3 protection, and more.
* On GCP, L11WAAP can act as the 'threat detection engine' for Cloud Armor, automating and extending its capabilities, and blocking attacks at the edges.
* On Azure, L11WAAP integrates with Azure Security Center to fit smoothly into existing customer workflows.
* On AWS, L11WAAP integrates with AWS WAF and Shield, adding granularity, control, and many other additional capabilities to AWS's native security features.