Barracuda Web Application Firewall

Protect Web Applications and Web Sites from Malicious Attacks

Product Tabs


Employing advanced technology, the Barracuda Web Application Firewall protects against all attacks that target application vulnerabilities: SQL injections, OS command injections, cross-site scripting and others.


Rate Control

The rate control feature lets administrators limit client access over selectable time periods to protect applications against DoS attacks and brute force attacks.


Client IP Reputation

Access from selected geographical regions or from anonymous proxies can be restricted using IP reputation capabilities.


XML Firewall

The XML firewall feature protects XML-based web applications against schema and WSDL poisoning, highly-nested elements, recursive passing and other XML-based attacks.



The cloaking feature suppresses server banners and error messages. This prevents HTTP return codes, headers and backend IP addresses from showing in response messages to help attackers.


Data Loss Prevention

Inspecting all outbound web traffic for content such as credit-card and Social Security numbers, the DLP feature is very effective at preventing the loss of confidential data.


Adaptive Profiling

Adaptive profiling is a feature that automatically builds and tunes positive security profiles for zero-hour protection. It lets administrators create granular whitelist rules by sampling web traffic.


Identity and Access Management

Barracuda Web Application Firewall offers features for robust IAM ranging from simple application authentication and authorization to full-featured Single Sign-On (SSO). These versatile IAM features are standard in all Barracuda Web Application Firewalls.


LDAP and RADIUS Authentication

The Barracuda Web Application Firewall fully integrates Active Directory, eDirectory and other RADIUS or LDAP-compatible authentication services.


Single Sign-On

Administrators can use the Barracuda Web Application Firewall as an SSO portal by itself or with third-party products without changing source code, IP addresses or infrastructure.


Two Factor Authentication

The Barracuda Web Application Firewall works with client authenticates and hardware tokens such as RSA SecurID to provide strong user authentication.


Access Control

Administrators can set granular policies controlling which web applications or resources individual users or user groups can access.


Application Delivery and Acceleration

The Barracuda Web Application Firewall integrates robust features for accelerating web applications and ensuring their reliability. Without these included features it would require several other costly solutions to receive the same performance benefits. The following features show why the Barracuda Web Application Firewall is the leading value in its class.


SSL Offloading

The Barracuda Web Application Firewall offloads SSL processing from backend web servers to free up server resources to accelerate web application processing.


Load Balancing

The load balancer feature routes traffic among backend servers to prevent latency from server congestion. It supports Layer 4 and Layer 7 cookie persistence and Layer 7 content switching using content cues.


Content Caching

By caching frequently requested web content, the Barracuda Web Application Firewall minimizes requests to back-end web servers conserving server and connection resources.


Data Compression

The Barracuda Web Application Firewall compresses data to reduce response times. This data compression feature is especially useful for providing services to smartphones and tablets.


Connection Pooling

Automatically pooling front-end connections into a single backend connection, the Barracuda Web Application Firewall reduces connection overhead that can affect server performance.


Appliance Clustering

Barracuda Web Application Firewalls can be clustered in active / passive or active / active pairs with failover to ensure high availability.


Web Server High Availability

The load balancer feature provides failover among web servers in a pool ensuring high availability for web applications.


Monitoring and Reporting

The Barracuda Web Application Firewall provides instant feedback to administrators who deploy, manage and secure mission critical applications.



A dashboard in the Web UI provides instant visibility into attack statistics, system performance, traffic, resource usage and other information helpful for troubleshooting and management.



The Barracuda Web Application Firewall maintains a complete set of web firewall, access, audit and system logs. These can be exported to third-party tools for deep analysis.



The Barracuda Web Application Firewall features prebuilt and custom reports about attacks, traffic statistics and compliance with PCI-DSS. Reports can be scheduled for automatic delivery via email.


Syslog Support

The Barracuda Web Application Firewall forwards logs to a syslog server for central, persistent storage or for analysis by a third-party tool.