Barracuda Web Application Controllers provide complete and efficient application security, control and protocol compliance by operating on a foundation principle – full TCP and HTTP session termination or proxying.
TCP Session Termination
Before doing security checks, content-based traffic switching or content manipulation, on the application traffic the application controller first takes control of the session. Barracuda Web Application Controllers perform full TCP session termination by collecting the packets and reconstructing the full HTTP session. After this process is completed Barracuda Web Application Controllers are able to run all necessary security checks on the incoming data in the most efficient manner (which Barracuda Networks calls ‘stateful security’ screening). At this point it can also do content-based traffic switching and/or content manipulation. Thus, by keeping the user data outside the network and sending only sanitized data into the private network, the Barracuda Web Application Controllers provide a complete layer of security to the operating systems and applications residing within the private network. In addition, acceleration techniques can also be applied. This control gives users a powerful tool for assuring application availability, security and response time.
SSL Termination
Secure Sockets Layer (SSL) is a popular method for encrypting sensitive data transferred over the Internet. However the SSL “handshake” process is processor-intensive and can have a significant negative impact on server performance. Barracuda Web Application Controllers provide a complete set of SSL and Transport Layer Security protocol (TLS) features which allow the application controller to offload major cryptographic functionality from the application servers, thus enhancing server performance.
The encrypted traffic needs to be decrypted before any security checks can be performed on the actual HTTP request, making SSL termination a mandatory requirement of an application controller.
HTTP Traffic Normalization and Compliance
Web traffic is typically encoded using a variety of character encoding schemes and failing to handle the differences of HTTP encoded data and international character sets could lead to security exploits since an attacker can “hide” his attack in the encoding. Barracuda Web Application Controllers use a comprehensive HTTP normalization engine to decrypt and normalize all application traffic. Attacks are identified and blocked before they can reach the server.
URL Rate Control
Heavy traffic can impose significant load on application servers, causing servers to overload resulting in very high response times. Barracuda Web Application Controllers address this issue by controlling the rate of requests that are delivered to the application from a single or group of IP addresses based on rates specified by the administrator. This is crucial to prevent application servers from being overloaded by hackers sending valid traffic in large volumes.