Barracuda Web Application Firewall 660 - BWF660A

  • 10-25 Backend Servers
  • 200 Mbps Throughput
  • 30,000 HTTP Transactions/Sec.
  • 10,000 HTTP Connections/Sec.
  • 12,000 HTTPS Connections/Sec.
  • 500,000 Concurrent Connections
  • The Barracuda Web Application Firewall blocks an ever-expanding list of sophisticated web-based intrusions and attacks that target the applications hosted on your web servers—and the sensitive or confidential data to which they have access.

    Barracuda Web Application Firewall gives your DevOps and application security teams comprehensive security that is easy to deploy and manage. Physical, virtual, and in the cloud—Barracuda Web Application Firewall eliminates application vulnerabilities and protects your web applications against application DDoS, SQL Injection, Cross-Site Scripting, and other advanced attacks.

    The Barracuda Advantage

  • State-of-the-art security utilizing full reverse-proxy architecture
  • Malware protection for collaborative web applications
  • Employs IP Reputation intelligence to defeat DDoS attacks
  • No user-based or module-based licensing
  • Designed to make it easier for organizations to comply with regulations such as PCI DSS and HIPAA
  • Cloud-based scan with Barracuda Vulnerability Manager
  • Automatic vulnerability remediation

Constant Protection from Evolving Threats

The Barracuda Web Application Firewall provides superior protection against data loss, DDoS, and all known application-layer attack modalities. Automatic updates provide defense against new threats as they appear. As new types of threats emerge, it will acquire new capabilities to block them.

Identity and Access Management

The Barracuda Web Application Firewall has strong authentication and access control capabilities that ensure security and privacy by restricting access to sensitive applications or data to authorized users.

Affordable and Easy to Use

Pre-built security templates and intuitive web interface provide immediate security without the need for time-consuming tuning or application learning. Integration with security vulnerability scanners and SIEM tools automates the assessment, monitoring, and mitigation process.

Secure Applications On-Premises or in the Public Cloud

The Barracuda Web Application Firewall provides comprehensive, reverse-proxy-based protection for applications deployed in physical, virtual, or public cloud environments data centers. In addition to applications hosted on-premises, Barracuda Web Application Firewall can natively scale and migrate with applications deployed in public cloud platforms like Amazon Web Services (AWS) and Microsoft Azure.

Available with flexible pricing options including bring-your-own-license and pay-as-you-go via AWS Marketplace and Azure Marketplace, the Barracuda Web Application Firewall is built to can help you seamlessly transition from on-premises to cloud infrastructures while maintaining the same familiar experience.

Product Spotlight

Comprehensive inbound attack protection including the OWASP Top 10 Built-in caching, compression, and TCP pooling ensure security without performance impacts Identity-based user access control for web applications Built-in data loss prevention ICSA certified

Application Attack and DDoS Protection

The Barracuda Web Application Firewall provides robust security against targeted and automated attacks. OWASP Top 10 attacks like SQL Injections and Cross-Site Scripting (XSS) are automatically identified and logged. Administrators have the ability to set granular controls on response, allowing them to block, throttle, redirect, or perform a number of other actions.

Advanced DDoS protection capabilities allow administrators to distinguish real users from botnets through the use of heuristic fingerprinting and IP reputation, thereby allowing them to block, throttle, or challenge suspicious traffic. It is the only product in the industry to offer integrated IP reputation intelligence that combines real-time situational insights and historical intelligence to secure against application DDoS using a variety of risk assessment techniques such as application-centric thresholds, protocol checks, session integrity, active and passive client challenges, historical client reputation blacklists, geo-location, and anomalous idle-time detection.

Adaptive Profiling

Adaptive profiling enables administrators to build positive security profiles of their applications by sampling web traffic from trusted hosts. Once enabled, the positive security profiles allow administrators to enforce granular whitelist rules on sensitive parts of the application. This greatly reduces the risk of attacks and helps prevent zero-day vulnerabilities by restricting input only to inputs that meet strict standards.

Server Cloaking

Often the first step of any targeted attack is to probe public-facing applications to find out details about the underlying servers, databases, and operating systems. Cloaking prevents attack reconnaissance of protected applications by suppressing server banners, error messages, HTTP headers, return codes, debug information, or backend IP addresses from leaking to a potential attacker. Without any details of the underlying infrastructure, it is much more difficult to target attacks, thereby reducing the risk of breach.

Protection for Mobile Applications, REST APIs and AJAX

Mobile application and REST APIs today rely on JSON (JavaScript Object Notation) to transfer data. However, this opens a whole new attack surface which is often overlooked and hard to secure by traditional scan-testing or pen-testing approaches. The Barracuda Web Application Firewall secures the entire attack surface of mobile applications and REST APIs, filters malicious inputs in requests with JSON payloads, helps ensure API SLAs to partners, and provides anti-pharming protection from rogue consumers. Interactive web applications using JSON with AJAX are similarly protected.

XML Firewall

Applications that rely on XML can now be secured with an XML Firewall capability that secures applications against schema and WSDL poisoning, highly-nested elements, recursive parsing, and other XML-based attacks. This secures communications between client and application or between applications from different systems closing an often overlooked attack vector.

Web Scraping Protection

Web Scraping involves copying large amounts of data from a website or application using automated tools. This is often done for commercial advantages that are to the detriment of the organisation that owns the web application. Typically, the motivation of the attacker is to undercut competition, steal leads, hijack marketing campaigns, and appropriate data via the web application. Examples include theft of intellectual property from digital publishers, scraping products and pricing information from e-commerce sites, and stealing listings on real estate, auto dealers and travel sites.

The Barracuda Web Application Firewall protects against web scraping by detecting and blocking malicious bots from accessing the website. Advanced detection techniques include the ability to set honeytraps to identify malicious bots and headless browser detection. Site administrators can also set whitelists for allowing specific bots, such as search engine crawlers to access the website. The Barracuda Web Application Firewall validates all bot traffic against known signatures before allowing them access to the website.

Data Loss Prevention

Deployed as a reverse-proxy, the Barracuda Web Application Firewall inspects all inbound traffic for attacks and outbound traffic for sensitive data. Content such as credit card numbers, U.S. social security numbers, or any other custom patterns can be identified by the Barracuda Web Application Firewall and either blocked or masked without administrator intervention. Best of all, the information is logged and can be used by administrators to find potential leaks.

Iron-clad URL Tamper Prevention via URL Encryption

Attacks on a web-based application often start by analyzing and tampering with its URLs. Barracuda Web Application Firewalls, models 660 and above, come with a unique URL Encryption feature that allows administrators to encrypt URLs before they are sent to clients. The original URLs or the directory structure are never exposed externally to prying eyes. Users of the web applications interact and navigate the site using only encrypted URLs, which are decrypted by the WAF on the way back in. The decryption process immediately identifies URL query or parameter tampering, malicious content injection or blind forceful browsing attacks.


The Barracuda Web Application Firewall is designed to provide easy, cost-effective assistance to help administrators comply with major application-specific requirements like PCI-DSS, HIPAA, FISMA, and SOX. It is certified by a number of third-party testing labs including ICSA Labs as an effective Web Application Firewall solution. The Barracuda Web Application Firewall directly satisfies section 6.6 of PCI-DSS and assists compliance with built-in PCI compliance reports. Its robust identity and access management and data loss prevention (DLP) capabilities ensure privacy of sensitive data. A FIPS 140-2 HSM model ensures that applications it protects meet the highest cryptographic standards.

Integrations: Cavium Networks

Vulnerability Scanner Integration

Security organizations often use vulnerability scanners to look for exploitable weaknesses in their applications. Barracuda has the ability to integrate with popular scanners like IBM AppScan and Cenzic Hailstorm to automatically configure an application's security template to protect against identified issues. All of this is automatically configured using the output of the scanners without any administrator intervention.

Integrations: Barracuda Vulnerability Manager, Cenzic Hailstorm, HPE Security WebInspect , HPE Security Fortify On Demand , IBM AppScan.

In addition, the Barracuda Web Application Firewall integrates with over 20 vulnerability scanners via Denim Threadfix integration

Advanced Threat Detection

The Barracuda Web Application Firewall seamlessly integrates with Barracuda Advanced Threat Detection (BATP) to provide security against advanced threats. Simply add BATP to the Barracuda WAF to block advanced zero-hour threats. By analyzing files in a CPU-emulation based sandbox, it can detect and block malware embedded deep inside files uploaded to your web site or web application. At a time when advanced threats like ransomware are causing havoc, BATP ensures defense in depth against malicious threats.

You may also like

Recently viewed