Introduction to Link11 WAAP

Product overview, architecture, and how it works

Welcome!

Link11 offers an all-in-one WAAP platform. It includes a next-gen Web Application Firewall (WAF), autoscaling Denial of Service (DoS)/Distributed Denial of Service (DDoS) protection, advanced bot management, real-time traffic monitoring & control, full historical logs & analytics, and more.

Link11 WAAP runs on the customer’s clouds of choice, whether the Link11 Network and Web Security solution, or any of the top-tier public cloud providers (AWS, Azure, and GCP). It protects web applications, services and microservices, and API endpoints.

Platform overview

L11WAAP deploys as a reverse proxy, continually analyzing incoming traffic. Benign traffic is passed through to the customer's origin, while hostile traffic is blocked and denied access.

The platform's overall architecture is as follows:

Cloud-based web security

  • L11WAAP deploys and runs in the customer's choice of clouds, whether private (Link11) or public (AWS, GCP, or Azure).

  • All incoming traffic is routed through L11WAAP and scrubbed as it passes through. Latency is negligible (generally 1.5 milliseconds or less).

  • Hostile traffic is blocked before it reaches the protected network. Legitimate traffic has normal access to the requested resources.

  • Attackers cannot reach, or even find, the targeted web platform.

  • Bandwidth, compute, and other resources scale automatically as needed.

  • Remote management ensures minimal obligations (of time or expertise) from onsite staff.

  • L11WAAP supports various methods of authentication such as Basic, Digest, and Kerberos. (Note that NTLM cannot work with reverse proxies, and thus L11WAAP does not support NTLM sites/applications.)

Full integration

L11WAAP is integrated with, and runs natively on, multiple cloud platforms. It leverages the advantages of each. Examples:

  • When L11WAAP runs on Link11, customers can use Secure CDN, Link11 load balancing, Infrastructure DDoS for offloading Layer 3 protection, and more.

  • On GCP, L11WAAP can act as the 'threat detection engine' for Cloud Armor, automating and extending its capabilities, and blocking attacks at the edges.

  • On Azure, L11WAAP integrates with Azure Security Center to fit smoothly into existing customer workflows.

  • On AWS, L11WAAP integrates with AWS WAF and Shield, adding granularity, control, and many other additional capabilities to AWS's native security features.

PreviousKnown IssuesNextTraffic Filtering Process

Last updated

Was this helpful?