Nova has a full OWASP 10 safe WAF that can be attached to any HTTP/SSL ADC. This provides protection against SQL injection, cross site scripting, worms, hacking attempts, denial of service, spam and much more.

WAF Introduction

A Web Application Firewall (WAF) is a firewall for HTTP applications, websites, APIs and more. It applies a set of rules to an HTTP or HTTPS request and response. Generally, these rules cover common attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, and more. While proxies generally protect clients, WAFs protect your servers. Nova's WAF also includes ML-enhanced pattern matching to detect unknown threats or 0-day attacks.

By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. A WAF operates through a set of rules, on Nova called a ruleset. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic.

During a DDoS attack, a WAF can automatically rate limit traffic as well. Some WAFs, like Nova WAF, also provide protection against spam, brute force attacks, and more.

WAF Rulesets

Nova WAF includes the OWASP Core Ruleset (CRS). You can whitelist rule numbers in the WAF Rule Whitelist menu item, and it will automatically apply across your organization to any WAFs that are online.


The Nova WAF requires far more CPU power than the standard Nova does, due to the high amount of load caused by inspecting and securing every request. This means you want to aim for high clock speeds, and additional CPU cores on your WAF.

The Nova Autoscaler also measures the WAFs load and is able to scale out if the WAF is overloaded.