# Web App Firewall (WAF) DuploCloud allows you to integrate Web Application Firewalls (WAFs) to enhance the security of your applications. To get started, create the WAF in your cloud provider’s console. Once it's available, you can attach it to public-facing load balancers (ALBs) in the DuploCloud Portal to help protect your applications against common web threats such as SQL injection and cross-site scripting (XSS). ## Creating a Web Application Firewall (WAF) When you create a WAF in DuploCloud, it is added to the Web ACL list for the selected Plan. You can then attach the WAF to specific load balancers as needed.\ \ Additionally, you have the option to set a WAF as the default for the Plan. When this option is selected, DuploCloud will automatically attach the WAF to all newly created public-facing load balancers, such as AWS Application Load Balancers (ALBs) or Azure Shared Application Gateways, providing consistent, automated protection across your infrastructure. 1. In the DuploCloud Portal, navigate to **Administrator** -> **Plans**. 2. From the **NAME** column, select the Plan you want to update. 3. Click the **WAF** tab. 4. Click **Add**. The **Add WAF** pane displays.

The Add WAF pane

5. Complete the following fields.
NameType a friendly name for your WAF to identify it within DuploCloud.
WAF ARNEnter the full Amazon Resource Name (ARN) for AWS, or the equivalent resource ID for Azure.
WAF Dashboard URLFor AWS environments only, enter the URL to the WAF dashboard for monitoring and analytics. This is not required in Azure.
Set as Default WAFOptionally, select this option to make this WAF the default for all new public-facing load balancers created in this Plan.
6. Click **Create**. ## Setting a Default WAF in a Plan When [adding a WAF to a Plan](#creating-a-web-application-firewall-waf), you can make it the default by selecting the **Set as Default WAF** checkbox in the **Add WAF** pane. DuploCloud automatically attaches the default WAF to all new public-facing load balancers created in that Plan, including AWS Application Load Balancers (ALBs) and Azure Shared Application Gateways. {% hint style="info" %} **Note:** * The default WAF applies only to load balancers created **after** the default is set; existing load balancers are unaffected. * It attaches only to **public-facing** load balancers, not internal or private ones. {% endhint %} ## Attaching a WAF to a Load Balancer {% hint style="warning" %} Only ALB Load Balancers can be attached to a WAF. {% endhint %} 1. If you don't yet have an Application Load Balancer (ALB), [create one](https://docs.duplocloud.com/docs/overview/aws-services/load-balancers#adding-a-load-balancer). 2. In the **Other Settings** card, click **Edit**. The **Other Load Balancer Settings** pane displays.

The Other Load Balancer Settings pane

3. From the **Web ACL** list box, select a [WAF that you have added to DuploCloud](#creating-a-web-application-firewall-waf). 4. Complete the other required fields in the **Other Load Balancer Settings** pane. 5. Click **Update**. ## Analyzing inbound traffic with the WAF dashboard DuploCloud also provides a WAF Dashboard through which you can analyze the traffic that is coming in and the requests that are blocked. The Dashboard can be accessed from the left navigation panel: **Observability** -> **WAF**. ![WAF Dashboard](https://2471407984-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F68cb0s9ce5UIUKWPuYs8%2Fuploads%2Fd2EbpLaFliuMpECtVETT%2Fwaf.png?alt=media\&token=65caa08a-ce44-4bd4-a029-aafa44a33d30)