User Guide

WAF Concepts

This section covers concepts to help navigate the different components of your web application firewall configurations.

Application

The term Application can refer to one of two things:

  • A unique web application domain configured within your FortiAppSec Cloud deployment.

  • A billing unit created when you complete the Add Application steps or add a Content Routing rule. Each billing application has a distinct Web Application Name but may share a domain name, such as in content routing or multi-port applications. This definition is used to calculate usage for billing purposes.

Different areas of the UI may refer to either of these definitions. The specific meaning will be indicated where applicable.

Endpoints

Your Endpoints configuration determines the types of front-end traffic forwarded to your application's backend servers, helping to reduce potential security vulnerabilities.

An endpoint generally refers to any device or system that sends or receives network traffic. In this case, the WAF acts as the receiving endpoint for client requests, securing and distributing traffic to backend servers.

Route

A route refers to the configuration that determines how incoming web traffic is directed to the appropriate destination or origin server based on specified rules, such as URL paths, headers, or query parameters.

In FortiAppSec Cloud, the Content Routing feature allows you to manage traffic distribution with greater granularity by defining specific routing rules within a shared WAF configuration.

For example, if multiple web applications use the same fully qualified domain name (FQDN) but are hosted on different servers, you can create a distinct route for each application based on the requested URL. In the diagram below, traffic to /app1 is routed to one origin server, and traffic to /app2 is routed to a different origin server. To configure this for a web application domain or a specific unit within the WAF > Applications list in FortiAppSec Cloud, see Content Routing.
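The /app1 and /app2 split described above, sketched as an added example; this is not FortiAppSec Cloud code or its matching logic. The origin names, the longest-prefix rule, the segment-boundary match, and the path normalization are all assumptions chosen to show what a path-based route decision has to get right.

```python
from urllib.parse import urlsplit, unquote

# Constructed sample routes: URL path prefix -> origin server (hypothetical names).
ROUTES = {
    "/app1": "origin-a.example.internal",
    "/app2": "origin-b.example.internal",
    "/app2/admin": "origin-c.example.internal",
}
DEFAULT_ORIGIN = "origin-default.example.internal"


def normalize(path):
    """Collapse empty, '.' and '..' segments so the route decision is made
    on the same canonical path the origin server will resolve."""
    out = []
    for seg in path.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if out:
                out.pop()
            continue
        out.append(seg)
    return "/" + "/".join(out)


def select_origin(url, routes=ROUTES, default=DEFAULT_ORIGIN):
    """Return the origin for a request URL.

    Assumed rules: match on whole path segments only (so /app10 does not
    fall under /app1), prefer the longest matching prefix, and fall back
    to a default origin when no route matches.
    """
    path = normalize(unquote(urlsplit(url).path))
    best_prefix, best_origin = "", default
    for prefix, origin in routes.items():
        on_boundary = path == prefix or path.startswith(prefix + "/")
        if on_boundary and len(prefix) > len(best_prefix):
            best_prefix, best_origin = prefix, origin
    return best_origin


if __name__ == "__main__":
    for u in ("https://www.example.com/app1/login",
              "https://www.example.com/app10/login",
              "https://www.example.com/app1/../app2/report"):
        print(u, "->", select_origin(u))
```

Matching on the normalized path keeps the route decision, and any per-route policy attached to it, aligned with the resource the origin actually serves.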

Origin server

An origin server refers to the backend server or servers where your web applications are hosted. These servers process and deliver content such as HTML pages, images, or API responses to users. The origin servers are the final destination for requests once they have been inspected and processed by FortiAppSec Cloud.

Configuring server pools under WAF > Network > Origin Servers helps FortiAppSec Cloud effectively direct traffic to the desired origin servers, based on the configured load balancing algorithm and persistence method.

Scrubbing Center

A scrubbing center is a security point that filters malicious traffic, protecting against cyberattacks.

Fortinet scrubbing centers operate across AWS, GCP, and Azure platforms to inspect and scrub traffic before it reaches origin servers. They integrate with cloud security tools like load balancers, DDoS protection, and WAFs to enhance application security.

Scrubbing centers filter incoming traffic for threats, applying policies like rate limiting, IP reputation checks, threat intelligence, and bot protection. After filtering out malicious traffic, clean traffic is forwarded directly or distributed via load balancing or Global Server Load Balancer (GSLB) to origin servers.
