GCDS Banner


GCDS Web Application Firewall (WAF)

GCDS WAF is a cloud-based, managed solution that allows web applications to block and detect malicious requests without adding infrastructure or management overhead to implement an on-premise device.  With no recurring costs, GCDS WAF is a cost-effective solution to mitigating web application attacks, backed by a technology that is used to protect public sector, e-commerce, and Fortune 500 web sites around the world.

DOD customers, including the warfighter, demand the convenience and benefits that web applications provide globally. Dynamic web sites with disparate web content sources are required to support such growing expectations, and allow for a richer and more interactive experience for the end-users anytime and anywhere. However, these complex web applications with global footprints introduce security risks to the enterprise. Data leakage, web site defacement, and other cyber attack exposure can present a serious risk to fielding mission essential web applications. As a result, DOD web applications accessed from NIPRNet and SIPRNet are an attractive target for hackers and continue to face security challenges. An effective security strategy requires a WAF to protect against attacks.


DISA’s GCDS WAF operates as an embedded process within the GCDS platform that is capable of inspecting both HTTP and HTTPS requests, and detect potential web application attacks before the server and/or data center is asked to serve the request..

It provides customers and security response teams with vital information that can be used to detect and block anomalous and potentially malicious patterns. It provides customers with summary reporting on attacks through the GCDS portal. Customers who need more detailed visibility and information about the attack traffic can configure the firewall to send logs to their log management system directly for analysis.

Customers may deploy GCDS WAF independently or as part of an existing security ecosystem. The GCDS WAF provides a distributed approach to web application security by leveraging industry leading commercial technology and GCDS’ distributed network architecture on the DODIN. This means that the GCDS WAF has the ability to detect and suppress malicious traffic near its source, at the edges of the NIPRNet/SIPRNet, to shield the application’s data center or web server infrastructure. In addition, the service scales automatically, on-demand, offering the capability to defend against massive-scale attacks. Because the GCDS WAF is available 24x7 on NIPRNet and SIPRNet as a DISA -managed service with type-accreditation, it can free agencies/commands from the need for constant upgrades of hardware, reducing capital and operational expenditure. It could also help enterprises comply with DOD information assurance (IA) requirements.

GCDS WAF is a highly scalable, outer defensive ring for web application protection. The module offers the following solutions to help prevent threats and exploitation techniques such as SQL Injection, Cross Site Scripting (XSS) and other HTTP attacks:

  1. Application Layer Controls: Detect and prevent application-layer attacks using a proven industry-standard rule set that provides security against major exploitation techniques including XSS and SQL Injections; customers may change firewall rules to customize the defense perimeter for each specific environment being protected.
  2. Rate Controls: Monitor and control the rate of requests against the GCDS platform and customer origin via policies leveraging client identifiers such as IP address, user agent, cookie, and session ID to help identify attackers hiding behind proxies and respond to bursts of requests within seconds.
  3. Network Layer Controls: Establish whitelists and blacklists of IP addresses that can be used for blocking or allowing traffic.

GCDS adds to the customer’s defense in depth:

GCDS Webapp Firewall 


  1. Common rule set for application layer filtering
  2. Adaptive rate controls
  3. IP blacklists and whitelists
  4. Alerting and monitoring
  5. 24x7 always-on protection