{"id":18091,"date":"2025-10-14T09:54:49","date_gmt":"2025-10-14T02:54:49","guid":{"rendered":"https:\/\/interdata.vn\/blog\/?p=18091"},"modified":"2026-05-04T13:29:57","modified_gmt":"2026-05-04T06:29:57","slug":"waf-la-gi","status":"publish","type":"post","link":"https:\/\/interdata.vn\/blog\/waf-la-gi\/","title":{"rendered":"WAF l\u00e0 g\u00ec? C\u00e1ch ho\u1ea1t \u0111\u1ed9ng &#038; T\u1ea7m quan tr\u1ecdng &#038; L\u1ee3i \u00edch b\u1ea3o m\u1eadt Web"},"content":{"rendered":"<p>Trong b\u1ed1i c\u1ea3nh an ninh m\u1ea1ng ng\u00e0y c\u00e0ng ph\u1ee9c t\u1ea1p, vi\u1ec7c b\u1ea3o v\u1ec7 <a href=\"https:\/\/interdata.vn\/blog\/website-la-gi\/\">website<\/a> kh\u00f4ng ch\u1ec9 d\u1eebng l\u1ea1i \u1edf vi\u1ec7c c\u00f3 m\u1ed9t m\u1eadt kh\u1ea9u m\u1ea1nh hay c\u00e0i \u0111\u1eb7t <a href=\"https:\/\/interdata.vn\/blog\/chung-chi-ssl\/\">SSL<\/a>. <strong>WAF (<a href=\"https:\/\/interdata.vn\/blog\/web-application-la-gi\/\">Web Application<\/a> Firewall)<\/strong> \u0111\u00f3ng vai tr\u00f2 nh\u01b0 m\u1ed9t l\u1edbp b\u1ea3o v\u1ec7 quan tr\u1ecdng, gi\u00fap ng\u0103n ch\u1eb7n c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng v\u00e0o <a href=\"https:\/\/interdata.vn\/blog\/application-layer-la-gi\/\">t\u1ea7ng \u1ee9ng d\u1ee5ng<\/a> web nh\u01b0 <a href=\"https:\/\/interdata.vn\/blog\/structured-query-language-sql-la-gi\/\">SQL<\/a> Injection, Cross-Site Scripting (<a href=\"https:\/\/interdata.vn\/blog\/tan-cong-xss-la-gi\/\">XSS<\/a>), v\u00e0 DDoS. 
B\u00e0i vi\u1ebft n\u00e0y InterData s\u1ebd gi\u00fap b\u1ea1n hi\u1ec3u WAF l\u00e0 g\u00ec, c\u00e1ch ho\u1ea1t \u0111\u1ed9ng c\u1ee7a WAF, vai tr\u00f2 c\u1ee7a n\u00f3 trong vi\u1ec7c b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u v\u00e0 l\u00fd do t\u1ea1i sao WAF l\u00e0 y\u1ebfu t\u1ed1 kh\u00f4ng th\u1ec3 thi\u1ebfu trong h\u1ec7 th\u1ed1ng b\u1ea3o m\u1eadt c\u1ee7a c\u00e1c doanh nghi\u1ec7p hi\u1ec7n \u0111\u1ea1i.<\/p>\n<div id=\"ez-toc-container\" class=\"ez-toc-v2_0_84 counter-hierarchy ez-toc-counter ez-toc-white ez-toc-container-direction\">\n<div class=\"ez-toc-title-container\">\n<p class=\"ez-toc-title\" style=\"cursor:inherit\">N\u1ed8I DUNG<\/p>\n<span class=\"ez-toc-title-toggle\"><a href=\"#\" class=\"ez-toc-pull-right ez-toc-btn ez-toc-btn-xs ez-toc-btn-default ez-toc-toggle\" aria-label=\"Toggle Table of Content\"><span class=\"ez-toc-js-icon-con\"><span class=\"\"><span class=\"eztoc-hide\" style=\"display:none;\">Toggle<\/span><span class=\"ez-toc-icon-toggle-span\"><svg style=\"fill: #999;color:#999\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" class=\"list-377408\" width=\"20px\" height=\"20px\" viewBox=\"0 0 24 24\" fill=\"none\"><path d=\"M6 6H4v2h2V6zm14 0H8v2h12V6zM4 11h2v2H4v-2zm16 0H8v2h12v-2zM4 16h2v2H4v-2zm16 0H8v2h12v-2z\" fill=\"currentColor\"><\/path><\/svg><svg style=\"fill: #999;color:#999\" class=\"arrow-unsorted-368013\" xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"10px\" height=\"10px\" viewBox=\"0 0 24 24\" version=\"1.2\" baseProfile=\"tiny\"><path d=\"M18.2 9.3l-6.2-6.3-6.2 6.3c-.2.2-.3.4-.3.7s.1.5.3.7c.2.2.4.3.7.3h11c.3 0 .5-.1.7-.3.2-.2.3-.5.3-.7s-.1-.5-.3-.7zM5.8 14.7l6.2 6.3 6.2-6.3c.2-.2.3-.5.3-.7s-.1-.5-.3-.7c-.2-.2-.4-.3-.7-.3h-11c-.3 0-.5.1-.7.3-.2.2-.3.5-.3.7s.1.5.3.7z\"\/><\/svg><\/span><\/span><\/span><\/a><\/span><\/div>\n<nav><ul class='ez-toc-list ez-toc-list-level-1 eztoc-toggle-hide-by-default' ><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-1\" 
href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#WAF-la-gi\" >WAF l\u00e0 g\u00ec?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-2\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Tai-sao-website-can-su-dung-WAF\" >T\u1ea1i sao website c\u1ea7n s\u1eed d\u1ee5ng WAF?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-3\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Bao-ve-ung-dung-web-khoi-cac-cuoc-tan-cong\" >B\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-4\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Giam-sat-va-loc-luu-luong-truy-cap-o-tang-ung-dung-tang-7-OSI\" >Gi\u00e1m s\u00e1t v\u00e0 l\u1ecdc l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp \u1edf t\u1ea7ng \u1ee9ng d\u1ee5ng (t\u1ea7ng 7 OSI)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-5\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Giam-thieu-rui-ro-va-thoi-gian-xu-ly-su-co-bao-mat\" >Gi\u1ea3m thi\u1ec3u r\u1ee7i ro v\u00e0 th\u1eddi gian x\u1eed l\u00fd s\u1ef1 c\u1ed1 b\u1ea3o m\u1eadt<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-6\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Tang-tinh-kha-dung-va-hieu-suat-cua-ung-dung-web\" >T\u0103ng t\u00ednh kh\u1ea3 d\u1ee5ng v\u00e0 hi\u1ec7u su\u1ea5t c\u1ee7a \u1ee9ng d\u1ee5ng web<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-7\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Ho-tro-tuan-thu-cac-quy-dinh-bao-mat\" >H\u1ed7 tr\u1ee3 tu\u00e2n th\u1ee7 c\u00e1c quy \u0111\u1ecbnh b\u1ea3o m\u1eadt<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-8\" 
href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Kha-nang-tuy-chinh-va-cap-nhat-linh-hoat\" >Kh\u1ea3 n\u0103ng t\u00f9y ch\u1ec9nh v\u00e0 c\u1eadp nh\u1eadt linh ho\u1ea1t<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-9\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Cac-loai-WAF-pho-bien-hien-nay\" >C\u00e1c lo\u1ea1i WAF ph\u1ed5 bi\u1ebfn hi\u1ec7n nay<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-10\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Network-based-WAF-WAF-dua-tren-phan-cung\" >Network-based WAF (WAF d\u1ef1a tr\u00ean ph\u1ea7n c\u1ee9ng)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-11\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Host-based-WAF-WAF-dua-tren-phan-mem\" >Host-based WAF (WAF d\u1ef1a tr\u00ean ph\u1ea7n m\u1ec1m)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-12\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Cloud-WAF-WAF-dua-tren-dam-may\" >Cloud WAF (WAF d\u1ef1a tr\u00ean \u0111\u00e1m m\u00e2y)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-13\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#WAF-hoat-dong-nhu-the-nao\" >WAF ho\u1ea1t \u0111\u1ed9ng nh\u01b0 th\u1ebf n\u00e0o?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-14\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#WAF-bao-ve-website-khoi-nhung-loai-tan-cong-nao\" >WAF b\u1ea3o v\u1ec7 website kh\u1ecfi nh\u1eefng lo\u1ea1i t\u1ea5n c\u00f4ng n\u00e0o?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-15\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Tan-cong-SQL-Injection\" >T\u1ea5n c\u00f4ng SQL Injection<\/a><\/li><li class='ez-toc-page-1 
ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-16\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Tan-cong-Cross-Site-Scripting-XSS\" >T\u1ea5n c\u00f4ng Cross-Site Scripting (XSS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-17\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Tan-cong-Brute-Force-Credential-Stuffing\" >T\u1ea5n c\u00f4ng Brute Force &amp; Credential Stuffing<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-18\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Va-cac-lo-hong-khac-trong-OWASP-Top-10\" >V\u00e0 c\u00e1c l\u1ed7 h\u1ed5ng kh\u00e1c trong OWASP Top 10<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-19\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Tai-sao-doanh-nghiep-cua-ban-can-trien-khai-WAF\" >T\u1ea1i sao doanh nghi\u1ec7p c\u1ee7a b\u1ea1n c\u1ea7n tri\u1ec3n khai WAF?<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-20\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Chong-that-thoat-du-lieu-va-bao-ve-uy-tin\" >Ch\u1ed1ng th\u1ea5t tho\u00e1t d\u1eef li\u1ec7u v\u00e0 b\u1ea3o v\u1ec7 uy t\u00edn<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-21\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Dap-ung-cac-tieu-chuan-tuan-thu-bao-mat-PCI-DSS\" >\u0110\u00e1p \u1ee9ng c\u00e1c ti\u00eau chu\u1ea9n tu\u00e2n th\u1ee7 b\u1ea3o m\u1eadt (PCI-DSS)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-22\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Giam-ganh-nang-cho-doi-ngu-phat-trien-Dev\" >Gi\u1ea3m g\u00e1nh n\u1eb7ng cho \u0111\u1ed9i ng\u0169 ph\u00e1t tri\u1ec3n (Dev)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-23\" 
href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Ngan-chan-downtime-dam-bao-hoat-dong-kinh-doanh\" >Ng\u0103n ch\u1eb7n downtime, \u0111\u1ea3m b\u1ea3o ho\u1ea1t \u0111\u1ed9ng kinh doanh<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-24\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Kien-truc-cua-Web-Application-Firewalls-WAF\" >Ki\u1ebfn tr\u00fac c\u1ee7a Web Application Firewalls (WAF)<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-25\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Vi-tri-trien-khai-tuong-lua-ung-dung-web-WAF\" >V\u1ecb tr\u00ed tri\u1ec3n khai t\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng web (WAF)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-26\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Mo-hinh-bao-mat-Positive-%E2%80%93-Negative\" >M\u00f4 h\u00ecnh b\u1ea3o m\u1eadt Positive \u2013 Negative<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-27\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Phan-biet-giua-blocklist-va-allowlist\" >Ph\u00e2n bi\u1ec7t gi\u1eefa blocklist v\u00e0 allowlist<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-28\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Uu-diem-han-che-cua-WAF\" >\u01afu \u0111i\u1ec3m &amp; h\u1ea1n ch\u1ebf c\u1ee7a WAF<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-29\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#WAF-vs-Firewall-truyen-thong-Khac-nhau-nhu-the-nao\" >WAF vs Firewall truy\u1ec1n th\u1ed1ng: Kh\u00e1c nhau nh\u01b0 th\u1ebf n\u00e0o?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-30\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Su-khac-biet-giua-WAF-IPS-va-NGFW\" 
>S\u1ef1 kh\u00e1c bi\u1ec7t\u00a0gi\u1eefa WAF, IPS\u00a0v\u00e0 NGFW<\/a><ul class='ez-toc-list-level-3' ><li class='ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-31\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#1-WAF-Web-Application-Firewall\" >1. WAF (Web Application Firewall)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-32\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#2-IPS-Intrusion-Prevention-System\" >2. IPS (Intrusion Prevention System)<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-3'><a class=\"ez-toc-link ez-toc-heading-33\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#3-NGFW-Next-Generation-Firewall\" >3. NGFW (Next Generation Firewall)<\/a><\/li><\/ul><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-34\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Top-5-WAF-pho-bien-va-hieu-qua-nhat-2025\" >Top 5 WAF ph\u1ed5 bi\u1ebfn v\u00e0 hi\u1ec7u qu\u1ea3 nh\u1ea5t 2025<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-35\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Khi-nao-nen-trien-khai-WAF-cho-website-cua-ban\" >Khi n\u00e0o n\u00ean tri\u1ec3n khai WAF cho website c\u1ee7a b\u1ea1n?<\/a><\/li><li class='ez-toc-page-1 ez-toc-heading-level-2'><a class=\"ez-toc-link ez-toc-heading-36\" href=\"https:\/\/interdata.vn\/blog\/waf-la-gi\/#Tieu-chi-lua-chon-nha-cung-cap-WAF-phu-hop\" >Ti\u00eau ch\u00ed l\u1ef1a ch\u1ecdn nh\u00e0 cung c\u1ea5p WAF ph\u00f9 h\u1ee3p<\/a><\/li><\/ul><\/nav><\/div>\n<h2><span class=\"ez-toc-section\" id=\"WAF-la-gi\"><\/span>WAF l\u00e0 g\u00ec?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p><strong>WAF (Web Application Firewall), hay <a href=\"https:\/\/interdata.vn\/blog\/tuong-lua-firewall\/\">T\u01b0\u1eddng l\u1eeda<\/a> \u1ee8ng d\u1ee5ng Web<\/strong>, l\u00e0 m\u1ed9t l\u1edbp b\u1ea3o m\u1eadt chuy\u00ean d\u1ee5ng ho\u1ea1t 
\u0111\u1ed9ng nh\u01b0 m\u1ed9t &#8220;t\u1ea5m khi\u00ean&#8221; ho\u1eb7c &#8220;b\u1ed9 l\u1ecdc&#8221; cho c\u00e1c \u1ee9ng d\u1ee5ng web c\u1ee7a b\u1ea1n. Nhi\u1ec7m v\u1ee5 ch\u00ednh c\u1ee7a WAF l\u00e0 gi\u00e1m s\u00e1t, l\u1ecdc v\u00e0 ch\u1eb7n m\u1ecdi l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp HTTP\/HTTPS \u0111\u1ed9c h\u1ea1i \u0111i \u0111\u1ebfn website tr\u01b0\u1edbc khi ch\u00fang c\u00f3 th\u1ec3 g\u00e2y ra b\u1ea5t k\u1ef3 thi\u1ec7t h\u1ea1i n\u00e0o.<\/p>\n<p>\u0110\u1ec3 hi\u1ec3u r\u00f5 h\u01a1n WAF l\u00e0 g\u00ec, h\u00e3y h\u00ecnh dung n\u00f3 nh\u01b0 m\u1ed9t ng\u01b0\u1eddi l\u00ednh g\u00e1c c\u1ed5ng th\u00f4ng minh \u0111\u1ee9ng gi\u1eefa ng\u01b0\u1eddi d\u00f9ng <a href=\"https:\/\/interdata.vn\/blog\/mang-internet\/\">Internet<\/a> v\u00e0 <a href=\"https:\/\/interdata.vn\/blog\/web-server\/\">m\u00e1y ch\u1ee7 web<\/a> c\u1ee7a b\u1ea1n. Thay v\u00ec ch\u1ec9 ki\u1ec3m tra &#8220;gi\u1ea5y t\u1edd t\u00f9y th\u00e2n&#8221; chung chung nh\u01b0 t\u01b0\u1eddng l\u1eeda m\u1ea1ng truy\u1ec1n th\u1ed1ng, ng\u01b0\u1eddi l\u00ednh g\u00e1c n\u00e0y s\u1ebd ki\u1ec3m tra k\u1ef9 l\u01b0\u1ee1ng &#8220;h\u00e0nh l\u00fd&#8221; (n\u1ed9i dung y\u00eau c\u1ea7u) c\u1ee7a t\u1eebng ng\u01b0\u1eddi truy c\u1eadp. N\u1ebfu ph\u00e1t hi\u1ec7n b\u1ea5t k\u1ef3 d\u1ea5u hi\u1ec7u \u0111\u00e1ng ng\u1edd n\u00e0o \u2013 ch\u1eb3ng h\u1ea1n nh\u01b0 m\u00e3 \u0111\u1ed9c, n\u1ed7 l\u1ef1c khai th\u00e1c l\u1ed7 h\u1ed5ng \u2013 WAF s\u1ebd ngay l\u1eadp t\u1ee9c ch\u1eb7n y\u00eau c\u1ea7u \u0111\u00f3 l\u1ea1i.<\/p>\n<p>Kh\u00e1c v\u1edbi c\u00e1c gi\u1ea3i ph\u00e1p b\u1ea3o m\u1eadt kh\u00e1c, c\u00f4ng ngh\u1ec7 WAF t\u1eadp trung v\u00e0o L\u1edbp 7 (L\u1edbp \u1ee8ng d\u1ee5ng) trong m\u00f4 h\u00ecnh OSI. 
\u0110\u00e2y ch\u00ednh l\u00e0 l\u1edbp m\u00e0 ng\u01b0\u1eddi d\u00f9ng t\u01b0\u01a1ng t\u00e1c tr\u1ef1c ti\u1ebfp v\u1edbi website, v\u00e0 c\u0169ng l\u00e0 n\u01a1i x\u1ea3y ra c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng tinh vi nh\u1ea5t nh\u01b0 <a href=\"https:\/\/interdata.vn\/blog\/tan-cong-sql-injection-la-gi\/\">SQL Injection<\/a> hay Cross-Site Scripting (XSS).<\/p>\n<figure id=\"attachment_18094\" aria-describedby=\"caption-attachment-18094\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-18094\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/WAF-la-gi.jpg\" alt=\"WAF l\u00e0 g\u00ec?\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/WAF-la-gi.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/WAF-la-gi-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/WAF-la-gi-768x480.jpg 768w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/WAF-la-gi-750x469.jpg 750w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-18094\" class=\"wp-caption-text\">WAF l\u00e0 g\u00ec?<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Tai-sao-website-can-su-dung-WAF\"><\/span>T\u1ea1i sao website c\u1ea7n s\u1eed d\u1ee5ng WAF?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>WAF (T\u01b0\u1eddng l\u1eeda \u1ee9ng d\u1ee5ng Web) \u0111\u00f3ng vai tr\u00f2 c\u1ef1c k\u1ef3 quan tr\u1ecdng trong vi\u1ec7c b\u1ea3o v\u1ec7 c\u00e1c \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng ng\u00e0y c\u00e0ng tinh vi v\u00e0 nguy hi\u1ec3m. 
D\u01b0\u1edbi \u0111\u00e2y l\u00e0 nh\u1eefng \u0111i\u1ec3m n\u1ed5i b\u1eadt th\u1ec3 hi\u1ec7n t\u1ea7m quan tr\u1ecdng c\u1ee7a WAF:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Bao-ve-ung-dung-web-khoi-cac-cuoc-tan-cong\"><\/span><strong>B\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>WAF c\u00f3 kh\u1ea3 n\u0103ng ph\u00e1t hi\u1ec7n v\u00e0 ng\u0103n ch\u1eb7n c\u00e1c h\u00ecnh th\u1ee9c t\u1ea5n c\u00f4ng nh\u01b0 SQL Injection, Cross-Site Scripting (XSS), Remote File Inclusion (RFI), Local File Inclusion (LFI), v\u00e0 c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng DDoS. Nh\u1edd \u0111\u00f3, WAF gi\u00fap b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u v\u00e0 h\u1ec7 th\u1ed1ng kh\u1ecfi b\u1ecb khai th\u00e1c c\u00e1c <a href=\"https:\/\/interdata.vn\/blog\/lo-hong-bao-mat-la-gi\/\">l\u1ed7 h\u1ed5ng b\u1ea3o m\u1eadt<\/a>.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giam-sat-va-loc-luu-luong-truy-cap-o-tang-ung-dung-tang-7-OSI\"><\/span><strong>Gi\u00e1m s\u00e1t v\u00e0 l\u1ecdc l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp \u1edf t\u1ea7ng \u1ee9ng d\u1ee5ng (t\u1ea7ng 7 OSI)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>WAF ho\u1ea1t \u0111\u1ed9ng nh\u01b0 m\u1ed9t l\u1edbp b\u1ea3o v\u1ec7 trung gian, ki\u1ec3m tra v\u00e0 ph\u00e2n t\u00edch c\u00e1c y\u00eau c\u1ea7u HTTP\/HTTPS \u0111\u1ebfn \u1ee9ng d\u1ee5ng web \u0111\u1ec3 ph\u00e2n bi\u1ec7t gi\u1eefa l\u01b0u l\u01b0\u1ee3ng h\u1ee3p l\u1ec7 v\u00e0 c\u00e1c y\u00eau c\u1ea7u \u0111\u1ed9c h\u1ea1i, t\u1eeb \u0111\u00f3 ng\u0103n ch\u1eb7n k\u1ecbp th\u1eddi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng.<\/p>\n<figure id=\"attachment_18095\" aria-describedby=\"caption-attachment-18095\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-18095\" 
src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Vai-tro-cua-WAF-trong-viec-bao-ve-kiem-soat-va-phat-hien-tan-cong.png\" alt=\"Vai tr\u00f2 c\u1ee7a WAF trong vi\u1ec7c b\u1ea3o v\u1ec7, ki\u1ec3m so\u00e1t v\u00e0 ph\u00e1t hi\u1ec7n t\u1ea5n c\u00f4ng\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Vai-tro-cua-WAF-trong-viec-bao-ve-kiem-soat-va-phat-hien-tan-cong.png 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Vai-tro-cua-WAF-trong-viec-bao-ve-kiem-soat-va-phat-hien-tan-cong-300x188.png 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Vai-tro-cua-WAF-trong-viec-bao-ve-kiem-soat-va-phat-hien-tan-cong-768x480.png 768w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Vai-tro-cua-WAF-trong-viec-bao-ve-kiem-soat-va-phat-hien-tan-cong-750x469.png 750w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-18095\" class=\"wp-caption-text\">Vai tr\u00f2 c\u1ee7a WAF<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Giam-thieu-rui-ro-va-thoi-gian-xu-ly-su-co-bao-mat\"><\/span><strong>Gi\u1ea3m thi\u1ec3u r\u1ee7i ro v\u00e0 th\u1eddi gian x\u1eed l\u00fd s\u1ef1 c\u1ed1 b\u1ea3o m\u1eadt<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Nh\u1edd kh\u1ea3 n\u0103ng ph\u00e1t hi\u1ec7n s\u1edbm v\u00e0 ch\u1eb7n c\u00e1c m\u1ed1i \u0111e d\u1ecda ngay t\u1eeb \u0111\u1ea7u, WAF gi\u00fap doanh nghi\u1ec7p gi\u1ea3m thi\u1ec3u r\u1ee7i ro b\u1ecb x\u00e2m nh\u1eadp v\u00e0 r\u00fat ng\u1eafn th\u1eddi gian kh\u1eafc ph\u1ee5c s\u1ef1 c\u1ed1 b\u1ea3o m\u1eadt, b\u1ea3o v\u1ec7 uy t\u00edn v\u00e0 ho\u1ea1t \u0111\u1ed9ng li\u00ean t\u1ee5c c\u1ee7a h\u1ec7 th\u1ed1ng.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tang-tinh-kha-dung-va-hieu-suat-cua-ung-dung-web\"><\/span><strong>T\u0103ng t\u00ednh kh\u1ea3 d\u1ee5ng v\u00e0 hi\u1ec7u su\u1ea5t c\u1ee7a \u1ee9ng d\u1ee5ng 
web<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>WAF kh\u00f4ng ch\u1ec9 b\u1ea3o v\u1ec7 m\u00e0 c\u00f2n gi\u00fap n\u00e2ng cao hi\u1ec7u su\u1ea5t b\u1eb1ng c\u00e1ch gi\u1ea3m t\u1ea3i l\u01b0u l\u01b0\u1ee3ng \u0111\u1ed9c h\u1ea1i, b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng l\u00e0m gi\u00e1n \u0111o\u1ea1n nh\u01b0 DDoS, t\u1eeb \u0111\u00f3 \u0111\u1ea3m b\u1ea3o \u1ee9ng d\u1ee5ng lu\u00f4n s\u1eb5n s\u00e0ng ph\u1ee5c v\u1ee5 ng\u01b0\u1eddi d\u00f9ng.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ho-tro-tuan-thu-cac-quy-dinh-bao-mat\"><\/span><strong>H\u1ed7 tr\u1ee3 tu\u00e2n th\u1ee7 c\u00e1c quy \u0111\u1ecbnh b\u1ea3o m\u1eadt<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>V\u1edbi c\u00e1c ng\u00e0nh ngh\u1ec1 c\u00f3 y\u00eau c\u1ea7u nghi\u00eam ng\u1eb7t v\u1ec1 b\u1ea3o m\u1eadt nh\u01b0 t\u00e0i ch\u00ednh, y t\u1ebf, ng\u00e2n h\u00e0ng, WAF gi\u00fap doanh nghi\u1ec7p \u0111\u00e1p \u1ee9ng c\u00e1c ti\u00eau chu\u1ea9n v\u00e0 quy \u0111\u1ecbnh b\u1ea3o m\u1eadt th\u00f4ng tin b\u1eb1ng c\u00e1ch ki\u1ec3m so\u00e1t ch\u1eb7t ch\u1ebd l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp v\u00e0 b\u1ea3o v\u1ec7 d\u1eef li\u1ec7u nh\u1ea1y c\u1ea3m.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Kha-nang-tuy-chinh-va-cap-nhat-linh-hoat\"><\/span><strong>Kh\u1ea3 n\u0103ng t\u00f9y ch\u1ec9nh v\u00e0 c\u1eadp nh\u1eadt linh ho\u1ea1t<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>WAF s\u1eed d\u1ee5ng c\u00e1c ch\u00ednh s\u00e1ch v\u00e0 quy t\u1eafc b\u1ea3o m\u1eadt c\u00f3 th\u1ec3 \u0111i\u1ec1u ch\u1ec9nh nhanh ch\u00f3ng \u0111\u1ec3 \u1ee9ng ph\u00f3 v\u1edbi c\u00e1c lo\u1ea1i t\u1ea5n c\u00f4ng m\u1edbi, gi\u00fap doanh nghi\u1ec7p lu\u00f4n ch\u1ee7 \u0111\u1ed9ng trong vi\u1ec7c b\u1ea3o v\u1ec7 h\u1ec7 th\u1ed1ng tr\u01b0\u1edbc c\u00e1c m\u1ed1i \u0111e d\u1ecda thay \u0111\u1ed5i li\u00ean t\u1ee5c.<\/p>\n<p>T\u00f3m l\u1ea1i, WAF l\u00e0 l\u1edbp 
ph\u00f2ng th\u1ee7 kh\u00f4ng th\u1ec3 thi\u1ebfu trong h\u1ec7 th\u1ed1ng b\u1ea3o m\u1eadt hi\u1ec7n \u0111\u1ea1i, gi\u00fap b\u1ea3o v\u1ec7 \u1ee9ng d\u1ee5ng web kh\u1ecfi c\u00e1c cu\u1ed9c t\u1ea5n c\u00f4ng m\u1ea1ng, n\u00e2ng cao hi\u1ec7u su\u1ea5t v\u00e0 \u0111\u1ea3m b\u1ea3o an to\u00e0n d\u1eef li\u1ec7u cho doanh nghi\u1ec7p trong b\u1ed1i c\u1ea3nh an ninh m\u1ea1ng ng\u00e0y c\u00e0ng ph\u1ee9c t\u1ea1p.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Cac-loai-WAF-pho-bien-hien-nay\"><\/span><strong>C\u00e1c lo\u1ea1i WAF ph\u1ed5 bi\u1ebfn hi\u1ec7n nay<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Sau khi \u0111\u00e3 n\u1eafm \u0111\u01b0\u1ee3c <strong>WAF l\u00e0 g\u00ec<\/strong>, b\u01b0\u1edbc ti\u1ebfp theo l\u00e0 t\u00ecm hi\u1ec3u c\u00e1c h\u00ecnh th\u1ee9c tri\u1ec3n khai c\u1ee7a n\u00f3. Hi\u1ec7n c\u00f3 ba <strong>lo\u1ea1i WAF<\/strong> ch\u00ednh, m\u1ed7i lo\u1ea1i c\u00f3 \u01b0u v\u00e0 nh\u01b0\u1ee3c \u0111i\u1ec3m ri\u00eang, ph\u00f9 h\u1ee3p v\u1edbi c\u00e1c nhu- c\u1ea7u v\u00e0 quy m\u00f4 h\u1ea1 t\u1ea7ng kh\u00e1c nhau.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Network-based-WAF-WAF-dua-tren-phan-cung\"><\/span><strong>Network-based WAF (WAF d\u1ef1a tr\u00ean ph\u1ea7n c\u1ee9ng)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Network-based WAF l\u00e0 gi\u1ea3i ph\u00e1p WAF v\u1eadt l\u00fd \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t tr\u1ef1c ti\u1ebfp trong h\u1ea1 t\u1ea7ng m\u1ea1ng n\u1ed9i b\u1ed9 c\u1ee7a doanh nghi\u1ec7p (<a href=\"https:\/\/interdata.vn\/blog\/on-premise-la-gi\/\">on-premise<\/a>).<\/p>\n<ul>\n<li><strong>\u01afu \u0111i\u1ec3m:<\/strong> Hi\u1ec7u su\u1ea5t r\u1ea5t cao v\u00e0 \u0111\u1ed9 tr\u1ec5 th\u1ea5p do \u0111\u01b0\u1ee3c t\u1ed1i \u01b0u h\u00f3a v\u1ec1 ph\u1ea7n c\u1ee9ng. 
To\u00e0n quy\u1ec1n ki\u1ec3m so\u00e1t v\u00e0 t\u00f9y ch\u1ec9nh.<\/li>\n<li><strong>Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/strong> Chi ph\u00ed \u0111\u1ea7u t\u01b0 ban \u0111\u1ea7u r\u1ea5t l\u1edbn. \u0110\u00f2i h\u1ecfi \u0111\u1ed9i ng\u0169 IT c\u00f3 chuy\u00ean m\u00f4n cao \u0111\u1ec3 c\u00e0i \u0111\u1eb7t, c\u1ea5u h\u00ecnh v\u00e0 b\u1ea3o tr\u00ec. Kh\u00f3 m\u1edf r\u1ed9ng khi c\u00f3 nhu c\u1ea7u \u0111\u1ed9t bi\u1ebfn.<\/li>\n<\/ul>\n<figure id=\"attachment_34584\" aria-describedby=\"caption-attachment-34584\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-34584\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/Cac-loai-WAF-pho-bien.jpg\" alt=\"C\u00e1c lo\u1ea1i WAF ph\u1ed5 bi\u1ebfn\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/Cac-loai-WAF-pho-bien.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/Cac-loai-WAF-pho-bien-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/Cac-loai-WAF-pho-bien-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-34584\" class=\"wp-caption-text\">C\u00e1c lo\u1ea1i WAF ph\u1ed5 bi\u1ebfn<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Host-based-WAF-WAF-dua-tren-phan-mem\"><\/span><strong>Host-based WAF (WAF d\u1ef1a tr\u00ean ph\u1ea7n m\u1ec1m)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Host-based WAF l\u00e0 m\u1ed9t ph\u1ea7n m\u1ec1m \u0111\u01b0\u1ee3c c\u00e0i \u0111\u1eb7t tr\u1ef1c ti\u1ebfp l\u00ean ch\u00ednh <a href=\"https:\/\/interdata.vn\/blog\/may-chu-server-la-gi\/\">m\u00e1y ch\u1ee7<\/a> web.<\/p>\n<ul>\n<li><strong>\u01afu \u0111i\u1ec3m:<\/strong> Chi ph\u00ed th\u1ea5p h\u01a1n so v\u1edbi WAF ph\u1ea7n c\u1ee9ng. 
T\u00f9y bi\u1ebfn cao v\u00ec n\u00f3 t\u00edch h\u1ee3p s\u00e2u v\u00e0o h\u1ec7 th\u1ed1ng.<\/li>\n<li><strong>Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/strong> Ti\u00eau t\u1ed1n t\u00e0i nguy\u00ean c\u1ee7a m\u00e1y ch\u1ee7 web (<a href=\"https:\/\/interdata.vn\/blog\/cpu-server\/\">CPU<\/a>, <a href=\"https:\/\/interdata.vn\/blog\/ram-server\/\">RAM<\/a>), c\u00f3 th\u1ec3 \u1ea3nh h\u01b0\u1edfng \u0111\u1ebfn hi\u1ec7u su\u1ea5t c\u1ee7a website. Vi\u1ec7c qu\u1ea3n l\u00fd tr\u1edf n\u00ean ph\u1ee9c t\u1ea1p n\u1ebfu b\u1ea1n c\u00f3 nhi\u1ec1u m\u00e1y ch\u1ee7.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"Cloud-WAF-WAF-dua-tren-dam-may\"><\/span><strong>Cloud WAF (WAF d\u1ef1a tr\u00ean \u0111\u00e1m m\u00e2y)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Cloud WAF l\u00e0 h\u00ecnh th\u1ee9c ph\u1ed5 bi\u1ebfn nh\u1ea5t hi\u1ec7n nay. Ng\u01b0\u1eddi d\u00f9ng ch\u1ec9 c\u1ea7n tr\u1ecf <a href=\"https:\/\/interdata.vn\/blog\/dns-la-gi\/\">DNS<\/a> c\u1ee7a website qua h\u1ec7 th\u1ed1ng c\u1ee7a nh\u00e0 cung c\u1ea5p <strong>d\u1ecbch v\u1ee5 WAF<\/strong>. To\u00e0n b\u1ed9 l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp s\u1ebd \u0111\u01b0\u1ee3c l\u1ecdc tr\u00ean \u0111\u00e1m m\u00e2y tr\u01b0\u1edbc khi \u0111\u1ebfn m\u00e1y ch\u1ee7 g\u1ed1c.<\/p>\n<ul>\n<li><strong>\u01afu \u0111i\u1ec3m:<\/strong> D\u1ec5 d\u00e0ng tri\u1ec3n khai, kh\u00f4ng c\u1ea7n \u0111\u1ea7u t\u01b0 ph\u1ea7n c\u1ee9ng. Chi ph\u00ed linh ho\u1ea1t theo h\u00ecnh th\u1ee9c thu\u00ea bao. Lu\u00f4n \u0111\u01b0\u1ee3c c\u1eadp nh\u1eadt c\u00e1c quy t\u1eafc b\u1ea3o m\u1eadt m\u1edbi nh\u1ea5t b\u1edfi nh\u00e0 cung c\u1ea5p. Kh\u1ea3 n\u0103ng m\u1edf r\u1ed9ng kh\u00f4ng gi\u1edbi h\u1ea1n. 
T\u00edch h\u1ee3p th\u00eam c\u00e1c t\u00ednh n\u0103ng nh\u01b0 ch\u1ed1ng DDoS, <a href=\"https:\/\/interdata.vn\/blog\/cdn-la-gi\/\">CDN<\/a>.<\/li>\n<li><strong>Nh\u01b0\u1ee3c \u0111i\u1ec3m:<\/strong> Ph\u1ee5 thu\u1ed9c v\u00e0o nh\u00e0 cung c\u1ea5p b\u00ean th\u1ee9 ba. C\u00f3 th\u1ec3 ph\u00e1t sinh lo ng\u1ea1i v\u1ec1 vi\u1ec7c d\u1eef li\u1ec7u \u0111\u01b0\u1ee3c x\u1eed l\u00fd b\u00ean ngo\u00e0i h\u1ea1 t\u1ea7ng c\u1ee7a doanh nghi\u1ec7p.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"WAF-hoat-dong-nhu-the-nao\"><\/span>WAF ho\u1ea1t \u0111\u1ed9ng nh\u01b0 th\u1ebf n\u00e0o?<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>WAF \u0111\u01b0\u1ee3c \u0111\u1eb7t tr\u01b0\u1edbc c\u00e1c \u1ee9ng d\u1ee5ng web v\u00e0 c\u00f3 nhi\u1ec7m v\u1ee5 ph\u00e2n t\u00edch l\u01b0u l\u01b0\u1ee3ng HTTP, bao g\u1ed3m c\u1ea3 c\u00e1c y\u00eau c\u1ea7u GET v\u00e0 POST, nh\u1eb1m ph\u00e1t hi\u1ec7n v\u00e0 ng\u0103n ch\u1eb7n m\u1ecdi n\u1ed9i dung \u0111\u1ed9c h\u1ea1i.<\/p>\n<p>Kh\u00e1c v\u1edbi <strong>t\u01b0\u1eddng l\u1eeda<\/strong> th\u00f4ng th\u01b0\u1eddng, ch\u1ec9 ho\u1ea1t \u0111\u1ed9ng nh\u01b0 m\u1ed9t r\u00e0o c\u1ea3n an to\u00e0n gi\u1eefa c\u00e1c m\u00e1y ch\u1ee7, WAF l\u00e0 m\u1ed9t gi\u1ea3i ph\u00e1p b\u1ea3o m\u1eadt \u1ee9ng d\u1ee5ng n\u1eb1m gi\u1eefa Web Client v\u00e0 Web Server.<\/p>\n<p>Nhi\u1ec1u cu\u1ed9c t\u1ea5n c\u00f4ng \u0111\u1ed9c h\u1ea1i v\u00e0o m\u00e1y t\u00ednh th\u01b0\u1eddng di\u1ec5n ra t\u1ef1 \u0111\u1ed9ng, khi\u1ebfn ch\u00fang kh\u00f3 ph\u00e1t hi\u1ec7n v\u00ec \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 m\u00f4 ph\u1ecfng l\u01b0u l\u01b0\u1ee3ng c\u1ee7a ng\u01b0\u1eddi d\u00f9ng th\u1eadt.<\/p>\n<p>WAF ti\u1ebfn h\u00e0nh ki\u1ec3m tra chi ti\u1ebft m\u1ecdi y\u00eau c\u1ea7u v\u00e0 ph\u1ea3n h\u1ed3i li\u00ean quan \u0111\u1ebfn c\u00e1c lo\u1ea1i l\u01b0u l\u01b0\u1ee3ng truy c\u1eadp web ph\u1ed5 bi\u1ebfn. 
Qu\u00e1 tr\u00ecnh n\u00e0y gi\u00fap WAF nh\u1eadn di\u1ec7n v\u00e0 ch\u1eb7n l\u1ea1i c\u00e1c m\u1ed1i \u0111e d\u1ecda, b\u1ea3o v\u1ec7 m\u00e1y ch\u1ee7 kh\u1ecfi s\u1ef1 x\u00e2m nh\u1eadp.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"WAF-bao-ve-website-khoi-nhung-loai-tan-cong-nao\"><\/span><strong>WAF b\u1ea3o v\u1ec7 website kh\u1ecfi nh\u1eefng lo\u1ea1i t\u1ea5n c\u00f4ng n\u00e0o?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>M\u1ed9t trong nh\u1eefng c\u00e2u tr\u1ea3 l\u1eddi quan tr\u1ecdng nh\u1ea5t cho c\u00e2u h\u1ecfi &#8220;<strong>WAF l\u00e0 g\u00ec<\/strong>?&#8221; n\u1eb1m \u1edf kh\u1ea3 n\u0103ng ph\u00f2ng th\u1ee7 c\u1ee7a n\u00f3. WAF \u0111\u01b0\u1ee3c thi\u1ebft k\u1ebf \u0111\u1ec3 ch\u1ed1ng l\u1ea1i m\u1ed9t lo\u1ea1t c\u00e1c m\u1ed1i \u0111e d\u1ecda nh\u1eafm v\u00e0o l\u1edbp \u1ee9ng d\u1ee5ng, \u0111\u1eb7c bi\u1ec7t l\u00e0 c\u00e1c l\u1ed7 h\u1ed5ng \u0111\u01b0\u1ee3c li\u1ec7t k\u00ea trong danh s\u00e1ch <strong><a href=\"https:\/\/interdata.vn\/blog\/owasp-owasp-top-10-la-gi\/\">OWASP<\/a> Top 10<\/strong> \u2013 m\u1ed9t t\u00e0i li\u1ec7u ti\u00eau chu\u1ea9n v\u1ec1 c\u00e1c r\u1ee7i ro b\u1ea3o m\u1eadt \u1ee9ng d\u1ee5ng web nghi\u00eam tr\u1ecdng nh\u1ea5t.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tan-cong-SQL-Injection\"><\/span><strong>T\u1ea5n c\u00f4ng SQL Injection<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>\u0110\u00e2y l\u00e0 k\u1ef9 thu\u1eadt tin t\u1eb7c ch\u00e8n c\u00e1c \u0111o\u1ea1n m\u00e3 SQL \u0111\u1ed9c h\u1ea1i v\u00e0o c\u00e1c tr\u01b0\u1eddng nh\u1eadp li\u1ec7u (form \u0111\u0103ng nh\u1eadp, \u00f4 t\u00ecm ki\u1ebfm) tr\u00ean website. N\u1ebfu th\u00e0nh c\u00f4ng, ch\u00fang c\u00f3 th\u1ec3 truy c\u1eadp, s\u1eeda \u0111\u1ed5i ho\u1eb7c x\u00f3a to\u00e0n b\u1ed9 c\u01a1 s\u1edf d\u1eef li\u1ec7u c\u1ee7a b\u1ea1n. 
A WAF counters this attack by inspecting the incoming parameters (not the database <a href=\"https:\/\/interdata.vn\/blog\/query-la-gi\/\">queries<\/a> themselves, which it never sees) and blocking requests whose values contain SQL syntax that does not belong in user input, such as a quote followed by OR 1=1 or a UNION SELECT. It is a compensating control: the real fix is parameterised queries in the application code.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tan-cong-Cross-Site-Scripting-XSS\"><\/span><strong>Cross-Site Scripting (XSS) attacks<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>With XSS, the attacker injects malicious code (usually <a href=\"https:\/\/interdata.vn\/blog\/javascript-la-gi\/\">JavaScript<\/a>) into your website. When other users open the affected page, their browsers execute that code, which lets the attacker steal cookies and session tokens or perform actions as the victim. A WAF decodes each HTTP request and filters out suspicious script fragments such as script tags, event-handler attributes and javascript: URLs in the parameters.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Tan-cong-Brute-Force-Credential-Stuffing\"><\/span><strong>Brute Force &amp; Credential Stuffing attacks<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A <a href=\"https:\/\/interdata.vn\/blog\/tan-cong-brute-force-la-gi\/\">Brute Force<\/a> attack tries username and password combinations in rapid succession until it finds credentials that work. 
Credential Stuffing replays username and password pairs leaked from other services against your login page, counting on password reuse.<\/p>\n<p>A WAF can cap the number of failed logins from one <a href=\"https:\/\/interdata.vn\/blog\/dia-chi-ip-la-gi\/\">IP address<\/a> within a time window and then slow down or block that source, which defeats a single-origin brute force attack. Credential stuffing is usually spread across many addresses at a low rate per IP, so the per-IP limit should be paired with per-account limits, bot detection and a rate limit on the login endpoint as a whole.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Va-cac-lo-hong-khac-trong-OWASP-Top-10\"><\/span><strong>And other weaknesses in the OWASP Top 10<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A WAF can also reduce exposure to several other OWASP Top 10 categories, although for most of them it blocks known attack payloads rather than fixing the underlying flaw:<\/p>\n<ul>\n<li>Broken Authentication: rate limiting and bot filtering on login and password-reset flows<\/li>\n<li>XML External Entities (XXE): signatures for DOCTYPE and ENTITY declarations in XML request bodies<\/li>\n<li>Security Misconfiguration: blocking requests for exposed paths such as debug consoles, backup files and directory listings, and stripping server error details from responses<\/li>\n<li>Insecure Deserialization: signatures for known serialized-object gadget payloads<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"Tai-sao-doanh-nghiep-cua-ban-can-trien-khai-WAF\"><\/span><strong>Why does your business need to deploy a WAF?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>For technology leaders (CTOs) and business owners, investing in a <strong>WAF for the business<\/strong> is not only a technical decision but also a sound business strategy.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Chong-that-thoat-du-lieu-va-bao-ve-uy-tin\"><\/span><strong>Preventing data 
loss and protecting reputation<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A successful attack can leak customer data, cause direct financial loss and seriously damage customer trust. A reputation built over many years can be destroyed overnight. A WAF is a proactive layer of defence against this scenario.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Dap-ung-cac-tieu-chuan-tuan-thu-bao-mat-PCI-DSS\"><\/span><strong>Meeting security compliance standards (PCI DSS)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If your business processes card payments online, compliance with the Payment Card Industry Data Security Standard (PCI DSS) is mandatory. Requirement 6.6 of PCI DSS v3.2.1 (Requirement 6.4 in v4.0) requires public-facing web applications to be protected either by regular application vulnerability assessments or by an automated technical solution that detects and prevents web-based attacks, which in practice means a WAF; under v4.0 Requirement 6.4.2 the automated solution became the only accepted option from 31 March 2025. 
<strong>Deploying a WAF<\/strong> is therefore one of the most direct ways to satisfy this requirement.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Giam-ganh-nang-cho-doi-ngu-phat-trien-Dev\"><\/span><strong>Easing the load on the development team (Dev)<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Instead of constantly racing to patch vulnerabilities, the <a href=\"https:\/\/interdata.vn\/blog\/lap-trinh-la-gi\/\">programming<\/a> team can concentrate on building new product features. A WAF buys time through virtual patching: a rule can block exploitation of a newly disclosed bug until the code fix ships. That eases the security pressure on the Dev team and lets them work more efficiently; it does not remove the need to ship the fix.<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Ngan-chan-downtime-dam-bao-hoat-dong-kinh-doanh\"><\/span><strong>Preventing downtime, keeping the business running<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Attacks such as application-layer DDoS (floods of expensive requests such as searches or logins) can exhaust server resources and take your website down (<a href=\"https:\/\/interdata.vn\/blog\/downtime-la-gi\/\">downtime<\/a>). Every minute the website is offline is a minute of lost revenue and business opportunity. 
A WAF filters this malicious traffic by rate limiting, challenging or blocking the offending clients, keeping the website stable and available to customers. Volumetric network-layer DDoS is outside its scope and is absorbed by the scrubbing capacity that cloud WAF providers bundle with the service.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Kien-truc-cua-Web-Application-Firewalls-WAF\"><\/span>Architecture of Web Application Firewalls (WAF)<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<h3><span class=\"ez-toc-section\" id=\"Vi-tri-trien-khai-tuong-lua-ung-dung-web-WAF\"><\/span>Where a web application firewall (WAF) is deployed<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Hardware WAF appliances are usually placed behind the network firewall and in front of the web <a href=\"https:\/\/interdata.vn\/blog\/application-server-la-gi\/\">application server<\/a>, acting as a reverse proxy. The goal is to make sure that all traffic bound for the web application passes through the WAF first. 
In some deployments, however, the WAF runs out of band on a mirrored copy of the traffic and only monitors and alerts; in that mode it cannot block anything, so be clear about which mode is being deployed.<\/p>\n<p>WAF software can also be installed directly on the web server as a module or agent (ModSecurity embedded in Apache or Nginx is the classic example) to perform the same functions, inspecting the traffic entering and leaving the web application at the cost of that server's CPU.<\/p>\n<figure id=\"attachment_18096\" aria-describedby=\"caption-attachment-18096\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-18096\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Kien-truc-cua-Web-Application-Firewalls-WAF.jpg\" alt=\"Architecture of Web Application Firewalls (WAF)\" width=\"800\" height=\"449\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Kien-truc-cua-Web-Application-Firewalls-WAF.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Kien-truc-cua-Web-Application-Firewalls-WAF-300x168.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Kien-truc-cua-Web-Application-Firewalls-WAF-768x431.jpg 768w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2024\/09\/Kien-truc-cua-Web-Application-Firewalls-WAF-750x421.jpg 750w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-18096\" class=\"wp-caption-text\">Architecture of Web Application Firewalls (WAF)<\/figcaption><\/figure>\n<h3><span class=\"ez-toc-section\" id=\"Mo-hinh-bao-mat-Positive-%E2%80%93-Negative\"><\/span>The Positive and Negative security models<span 
class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>A WAF follows one of two main security models: positive or negative. The positive model lets through only traffic that matches a predefined profile of valid requests (expected URLs, parameters, types, lengths and character sets) and blocks everything else.<\/p>\n<p>The negative model does the opposite: it lets all traffic through and blocks only what the WAF recognises as harmful, by matching requests against signatures of known attacks. Some WAFs support both models, usually layered; many products default to the negative model because it works without a profile of the application.<\/p>\n<p>The positive model needs extensive configuration and tuning, since the profile must describe the application exactly, and is usually built with an automatic learning phase that observes legitimate traffic. The negative model depends instead on the quality and freshness of its signature set: an attack that no signature describes passes through it, whereas the positive model blocks unknown input by definition.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Phan-biet-giua-blocklist-va-allowlist\"><\/span>Blocklist versus allowlist<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Both the blocklist and the allowlist play an important role in access control, but they have different goals and work differently. 
In a WAF the distinction comes down to how traffic bound for the web application is classified and handled.<\/p>\n<ul>\n<li><strong>Blocklist-based WAF<\/strong>: uses a list of IP addresses or <a href=\"https:\/\/interdata.vn\/blog\/domain-la-gi\/\">domains<\/a> (or, more generally, request patterns) already identified as dangerous. The WAF blocks all traffic matching those entries and lets everything else reach the application; this is the list form of the negative model, and it is only as good as the list is current.<\/li>\n<li><strong>Allowlist-based WAF<\/strong>: conversely, admits only traffic from an approved list of IP addresses or domains (or request patterns) and rejects everything else. This guarantees that only vetted sources reach the application, which suits administrative interfaces and partner APIs, but it does not fit a public website whose visitors cannot be enumerated in advance.<\/li>\n<\/ul>\n<p>The main difference between blocklist and allowlist WAFs lies in how they decide whether to allow or deny traffic. 
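<\/p>\n<p>The positive model from the previous section together with the blocklist and allowlist decisions above, as an added example in Python (not code from the page or from any WAF product): each route declares the parameters it accepts, with a maximum length and an allowed character set, and anything outside that profile is rejected whether or not it matches a known attack signature; a global IP blocklist is consulted first, and an administrative route carries its own source allowlist. The routes, profiles, sample requests and the RFC 5737 addresses are constructed for the example. The irish_surname sample is a deliberate false positive, so the block also illustrates the limitation discussed in the next section.<\/p>

```python
import ipaddress
import re

# Added example for this article, not code from the page or from any WAF
# vendor. Positive security model: each route declares the parameters it
# accepts and anything outside that profile is rejected, attack signature
# or not. A source-IP blocklist is checked first and one route carries its
# own source allowlist. Routes, profiles and addresses are constructed.

QUOTE = chr(39)  # the single-quote character, kept out of the literals below

# Networks from the RFC 5737 documentation ranges.
BLOCKLIST = [ipaddress.ip_network(('198.51.100.0', 24))]
ADMIN_SOURCES = [ipaddress.ip_network(('192.0.2.0', 24))]

# What each (method, route) accepts. An unlisted parameter is rejected even
# if its value looks harmless, which is what makes the model positive.
PROFILES = {
    ('GET', 'search'): {
        'params': {
            'q': {'max_len': 64, 'required': True,
                  'pattern': re.compile('^[A-Za-z0-9 ]*$')},
            'page': {'max_len': 4, 'required': False,
                     'pattern': re.compile('^[0-9]+$')},
        },
        'sources': None,  # any source not on the blocklist
    },
    ('POST', 'login'): {
        'params': {
            'user': {'max_len': 32, 'required': True,
                     'pattern': re.compile('^[a-z0-9._-]+$')},
            # Free-form field bounded by length only: a quote in a password is
            # not an anomaly here. Whether it is dangerous depends on the app
            # using parameterised queries, hence negative-model rules as well.
            'pass': {'max_len': 128, 'required': True, 'pattern': None},
        },
        'sources': None,
    },
    ('GET', 'admin'): {
        'params': {},
        'sources': ADMIN_SOURCES,  # allowlist: only these networks may reach it
    },
}


def in_any(ip, networks):
    return any(ip in net for net in networks)


def profile_violations(profile, params):
    problems = []
    for name, value in params.items():
        spec = profile['params'].get(name)
        if spec is None:
            problems.append('unexpected parameter: ' + name)
            continue
        if len(value) > spec['max_len']:
            problems.append(name + ': longer than ' + str(spec['max_len']))
        if spec['pattern'] is not None and not spec['pattern'].match(value):
            problems.append(name + ': characters outside the profile')
    for name, spec in profile['params'].items():
        if spec['required'] and name not in params:
            problems.append('missing parameter: ' + name)
    return problems


def decide(request):
    # Order matters: a blocklisted source never reaches the parser, a route
    # allowlist is checked before its parameters, then the profile runs.
    ip = ipaddress.ip_address(request['ip'])
    if in_any(ip, BLOCKLIST):
        return ('block', ['source on blocklist'])
    profile = PROFILES.get((request['method'], request['route']))
    if profile is None:
        return ('block', ['route not in profile'])
    if profile['sources'] is not None and not in_any(ip, profile['sources']):
        return ('block', ['source not on route allowlist'])
    params = dict(request.get('query', {}))
    params.update(request.get('form', {}))
    problems = profile_violations(profile, params)
    return ('block', problems) if problems else ('allow', [])


# Constructed sample traffic. irish_surname is a legitimate search that trips
# the same character rule as the injection: a false positive to tune for.
SAMPLES = {
    'legit_search': {'ip': '203.0.113.5', 'method': 'GET', 'route': 'search',
                     'query': {'q': 'red flag', 'page': '2'}},
    'sqli_search': {'ip': '203.0.113.5', 'method': 'GET', 'route': 'search',
                    'query': {'q': QUOTE + ' or 1=1--'}},
    'debug_param': {'ip': '203.0.113.5', 'method': 'GET', 'route': 'search',
                    'query': {'q': 'red flag', 'debug': '1'}},
    'irish_surname': {'ip': '203.0.113.5', 'method': 'GET', 'route': 'search',
                      'query': {'q': 'O' + QUOTE + 'Brien'}},
    'admin_from_office': {'ip': '192.0.2.10', 'method': 'GET',
                          'route': 'admin', 'query': {}},
    'admin_from_internet': {'ip': '203.0.113.9', 'method': 'GET',
                            'route': 'admin', 'query': {}},
    'blocklisted_login': {'ip': '198.51.100.3', 'method': 'POST', 'route': 'login',
                          'form': {'user': 'alice', 'pass': 'hunter2'}},
}


def run_samples():
    return {name: decide(req) for name, req in SAMPLES.items()}


if __name__ == '__main__':
    for name, (verdict, reasons) in run_samples().items():
        print(name, verdict, reasons)
```

<p>Note the asymmetry: the sqli_search and irish_surname requests are indistinguishable to the character rule, which is exactly why a positive profile for a free-text field has to be tuned against real traffic before it is enforced, and why the password field above is bounded by length only.<\/p>\n<p>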
A blocklist blocks known-bad sources; an allowlist admits only known-good ones.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Uu-diem-han-che-cua-WAF\"><\/span><strong>Advantages &amp; limitations of a WAF<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Understanding <strong>what a WAF is<\/strong> also means being aware of its strengths and weaknesses.<\/p>\n<p><strong>Advantages of a WAF:<\/strong><\/p>\n<ul>\n<li><strong>Specialised protection:<\/strong> Provides a dedicated layer of protection at Layer 7 that network firewalls, which do not parse HTTP, cannot.<\/li>\n<li><strong>Continuous updates:<\/strong> Cloud WAF providers update their rule sets regularly against newly disclosed attacks.<\/li>\n<li><strong>Better visibility:<\/strong> Provides detailed reports and logs of attack attempts, which helps you understand the threats aimed at you and feeds detection and incident response.<\/li>\n<li><strong>Compliance support:<\/strong> Helps the business satisfy strict security regulations.<\/li>\n<\/ul>\n<p><strong>Limitations of a WAF:<\/strong><\/p>\n<ul>\n<li><strong>False positives:<\/strong> A WAF can wrongly block legitimate requests if the rule set is too strict or 
not configured correctly; a search for a surname containing an apostrophe, or a CMS editor saving HTML, are classic victims. Run new rules in detection-only mode and review the log before switching them to blocking.<\/li>\n<li><strong>Not a complete solution:<\/strong> A WAF cannot protect against every kind of attack (for example malware already on the server, phishing, or business-logic abuse that looks like valid requests), and determined attackers look for bypasses through encoding tricks, protocol quirks and gaps in the signatures. It needs to be combined with secure coding, patching and other security controls.<\/li>\n<li><strong>Needs management:<\/strong> Someone has to watch the logs and tune the rules so that the WAF stays effective and false positives stay low.<\/li>\n<\/ul>\n<h2><span class=\"ez-toc-section\" id=\"WAF-vs-Firewall-truyen-thong-Khac-nhau-nhu-the-nao\"><\/span><strong>WAF vs traditional firewall: what is the difference?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>WAFs and traditional network firewalls are often confused. Although both are security controls, they operate at different layers and protect different things. 
Understanding <strong>the difference between a WAF and a firewall<\/strong> matters when deciding what each one should be expected to stop.<\/p>\n<p>The table below compares a WAF with a traditional firewall:<\/p>\n<table style=\"width: 100%; border-collapse: collapse; font-family: Arial, sans-serif; margin: 20px 0; border: 1px solid #0D6EFD;\">\n<thead>\n<tr style=\"background-color: #0d6efd; color: #fff; text-align: center;\">\n<th style=\"padding: 12px; border: 1px solid #0D6EFD;\">Criterion<\/th>\n<th style=\"padding: 12px; border: 1px solid #0D6EFD;\">Traditional firewall (Network Firewall)<\/th>\n<th style=\"padding: 12px; border: 1px solid #0D6EFD;\">WAF (Web Application Firewall)<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"background-color: #f9f9f9; text-align: left;\">\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\"><strong>Layer protected (OSI)<\/strong><\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">Layer 3 (Network) and Layer 4 (Transport)<\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">Layer 7 (Application)<\/td>\n<\/tr>\n<tr style=\"background-color: #ffffff; text-align: left;\">\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\"><strong>What it protects<\/strong><\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">The whole network infrastructure<\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">Specific web applications (websites, APIs)<\/td>\n<\/tr>\n<tr style=\"background-color: #f9f9f9; text-align: left;\">\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\"><strong>How it works<\/strong><\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">Filters traffic by IP address, <a 
href=\"https:\/\/interdata.vn\/blog\/port-la-gi\/\">port<\/a> and protocol.<\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">Parses the content of HTTP\/HTTPS requests and responses and understands the structure of the application.<\/td>\n<\/tr>\n<tr style=\"background-color: #ffffff; text-align: left;\">\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\"><strong>Attacks it stops<\/strong><\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">Unauthorised network access, port scans.<\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">SQL Injection, Cross-Site Scripting (XSS), abuse of business logic.<\/td>\n<\/tr>\n<tr style=\"background-color: #f9f9f9; text-align: left;\">\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\"><strong>Analogy<\/strong><\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">A guard at the main gate of a building who only checks access badges.<\/td>\n<td style=\"padding: 10px; border: 1px solid #0D6EFD;\">A security officer at the door of each apartment who checks what each visitor wants and how they behave.<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><b>Comparing a WAF with a firewall<\/b> shows that they do not replace each other but complement each other, forming a defence-in-depth system.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Su-khac-biet-giua-WAF-IPS-va-NGFW\"><\/span>The difference between WAF, IPS and NGFW<span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Below, InterData analyses in detail 
the differences between the Web Application Firewall (WAF), the Intrusion Prevention System (<a href=\"https:\/\/interdata.vn\/blog\/ips-la-gi\/\">IPS<\/a>) and the Next Generation Firewall (NGFW), to put the WAF in context:<\/p>\n<h3><span class=\"ez-toc-section\" id=\"1-WAF-Web-Application-Firewall\"><\/span>1. WAF (Web Application Firewall)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><strong>Main purpose<\/strong>: Protect web applications from attacks aimed at the application layer (Layer 7 of the OSI model).<\/li>\n<li><strong>Function<\/strong>: Monitor, filter and block malicious HTTP\/HTTPS traffic from outside in order to stop exploitation of weaknesses such as SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), bot attacks and other threats specific to web applications.<\/li>\n<li><strong>Operates at<\/strong>: Layer 7 (Application layer).<\/li>\n<li><strong>Scope of protection<\/strong>: Focused on specific web applications, forming a barrier between the users and the web server.<\/li>\n<li><strong>Advantages<\/strong>: Deep understanding of the HTTP protocol and of application content, fine-grained security policies, and flexible updates as new threats 
appear.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"2-IPS-Intrusion-Prevention-System\"><\/span>2. IPS (Intrusion Prevention System)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Main purpose: Detect and block intrusions or network attacks across the whole network.<\/p>\n<ul>\n<li><strong>Function<\/strong>: Monitors network traffic at the lower layers (Layers 3 and 4) and matches packet payloads against attack signatures or anomaly patterns, stopping attacks such as port scans, <a href=\"https:\/\/interdata.vn\/blog\/dos-attack-la-gi\/\">DoS<\/a>\/DDoS attacks and exploitation of network-level vulnerabilities.<\/li>\n<li><strong>Operates at<\/strong>: Layers 3 (Network) and 4 (Transport); it inspects payload bytes but does not parse HTTP sessions or decode application content the way a WAF does.<\/li>\n<li><strong>Scope of protection<\/strong>: The whole network; it protects general network traffic rather than focusing on web applications.<\/li>\n<li><strong>Advantages<\/strong>: Blocks traditional network threats and protects the network infrastructure from common network attacks.<\/li>\n<\/ul>\n<h3><span class=\"ez-toc-section\" id=\"3-NGFW-Next-Generation-Firewall\"><\/span>3. 
NGFW (Next Generation Firewall)<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>Main purpose: A next-generation firewall combines the features of a traditional firewall, an IPS and a subset of WAF features to protect the network and its applications as a whole.<\/p>\n<ul>\n<li><strong>Function<\/strong>: Filters network traffic by IP address, port and protocol (like a traditional firewall). Adds application control, URL filtering and intrusion prevention (integrated IPS). Some NGFWs also offer basic application protection at Layer 7, but not as thorough as a WAF.<\/li>\n<li><strong>Operates at<\/strong>: Mainly Layers 3 and 4, extending to Layer 7 for some application features.<\/li>\n<li><strong>Scope of protection<\/strong>: The whole enterprise network, including internal traffic and Internet access.<\/li>\n<li><strong>Advantages<\/strong>: Multi-layer protection with several security functions integrated in a single device, which reduces the complexity of security management.<\/li>\n<\/ul>\n<p>Depending on its security needs and the scope to be 
protected, an organisation can choose one of the three or combine all of them for the best coverage.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Top-5-WAF-pho-bien-va-hieu-qua-nhat-2025\"><\/span><strong>Top 5 most popular and effective WAFs in 2025<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>The market has many reputable <strong>WAF providers<\/strong>. Below are five leading names widely recognised for their effectiveness and features.<\/p>\n<ol>\n<li><strong><a href=\"https:\/\/interdata.vn\/blog\/cloudflare-la-gi\/\">Cloudflare<\/a> WAF:<\/strong> Very popular, notable for its huge CDN network, strong DDoS protection and an attractive free tier for individual users.<\/li>\n<li><strong>AWS WAF:<\/strong> A strong choice for anyone already in the Amazon Web Services ecosystem. 
Integrates deeply with other services such as CloudFront and the Application Load Balancer.<\/li>\n<li><strong>Imperva WAF:<\/strong> Regarded as one of the market leaders (according to Gartner), offering very strong security, particularly in API protection and bot mitigation.<\/li>\n<li><strong>Akamai Kona Site Defender:<\/strong> Combines a WAF with other security and performance-acceleration services on one comprehensive platform, suited to large enterprises.<\/li>\n<li><strong>F5 Advanced WAF:<\/strong> A powerful solution, usually deployed as hardware or software, with deep customisation and protection against sophisticated threats.<\/li>\n<\/ol>\n<figure id=\"attachment_34585\" aria-describedby=\"caption-attachment-34585\" style=\"width: 800px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-34585\" src=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/5-WAF-pho-bien-hien-nay.jpg\" alt=\"5 popular WAFs today\" width=\"800\" height=\"500\" title=\"\" srcset=\"https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/5-WAF-pho-bien-hien-nay.jpg 800w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/5-WAF-pho-bien-hien-nay-300x188.jpg 300w, https:\/\/interdata.vn\/blog\/wp-content\/uploads\/2025\/06\/5-WAF-pho-bien-hien-nay-768x480.jpg 768w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><figcaption id=\"caption-attachment-34585\" class=\"wp-caption-text\">5 popular WAFs 
today<\/figcaption><\/figure>\n<h2><span class=\"ez-toc-section\" id=\"Khi-nao-nen-trien-khai-WAF-cho-website-cua-ban\"><\/span><strong>When should you deploy a WAF for your website?<\/strong><span class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>You should consider <strong>deploying a WAF<\/strong> immediately if your website falls into any of the following cases:<\/p>\n<ul>\n<li>It is an e-commerce site that processes online payments.<\/li>\n<li>It collects and stores sensitive user data (personal, medical or financial information).<\/li>\n<li>It is built on a popular <a href=\"https:\/\/interdata.vn\/blog\/cms-la-gi\/\">CMS<\/a> such as <a href=\"https:\/\/interdata.vn\/blog\/wordpress-la-gi\/\">WordPress<\/a>, <a href=\"https:\/\/interdata.vn\/blog\/magento-la-gi\/\">Magento<\/a> or <a href=\"https:\/\/interdata.vn\/blog\/drupal-la-gi\/\">Drupal<\/a>, whose known plugin and core vulnerabilities are scanned for automatically across the Internet.<\/li>\n<li>It exposes important APIs to partners or mobile applications.<\/li>\n<li>It belongs to a large brand and is likely to be targeted by attackers.<\/li>\n<\/ul>\n<p>In short, any website that matters to the business should be protected by a WAF.<\/p>\n<h2><span class=\"ez-toc-section\" id=\"Tieu-chi-lua-chon-nha-cung-cap-WAF-phu-hop\"><\/span><strong>Criteria for choosing the right WAF provider<\/strong><span 
class=\"ez-toc-section-end\"><\/span><\/h2>\n<p>Choosing the right <strong>WAF provider<\/strong> is an important decision. Use the following criteria to evaluate candidates:<\/p>\n<ul>\n<li><strong>Performance and latency:<\/strong> Does the WAF affect page load time? Does the provider have points of presence (PoPs) close to your users?<\/li>\n<li><strong>Rule customisation:<\/strong> Can you easily tune the rule sets to fit your application, add exceptions for specific paths or parameters, and keep false positives down?<\/li>\n<li><strong>Reporting and alerting:<\/strong> Does the provider offer a clear dashboard, detailed reports, real-time alerts when an attack occurs, and log export to your own SIEM?<\/li>\n<li><strong>Quality of technical support:<\/strong> Is the support team competent, fast to respond and available 24\/7? 
\u0110\u1eb7c bi\u1ec7t, h\u1ed7 tr\u1ee3 b\u1eb1ng ng\u00f4n ng\u1eef \u0111\u1ecba ph\u01b0\u01a1ng (ti\u1ebfng Vi\u1ec7t) l\u00e0 m\u1ed9t l\u1ee3i th\u1ebf l\u1edbn.<\/li>\n<li><strong>Chi ph\u00ed t\u1ed5ng th\u1ec3 (TCO):<\/strong> Xem x\u00e9t to\u00e0n b\u1ed9 chi ph\u00ed, bao g\u1ed3m ph\u00ed c\u00e0i \u0111\u1eb7t, ph\u00ed thu\u00ea bao h\u00e0ng th\u00e1ng v\u00e0 chi ph\u00ed nh\u00e2n s\u1ef1 qu\u1ea3n l\u00fd \u0111\u1ec3 c\u00f3 c\u00e1i nh\u00ecn t\u1ed5ng quan v\u1ec1 <strong>b\u00e1o gi\u00e1 WAF<\/strong>.<\/li>\n<\/ul>\n<p>Hi\u1ec3u r\u00f5 <strong>WAF l\u00e0 g\u00ec<\/strong> v\u00e0 c\u00e1c y\u1ebfu t\u1ed1 xung quanh n\u00f3 s\u1ebd gi\u00fap b\u1ea1n \u0111\u01b0a ra l\u1ef1a ch\u1ecdn s\u00e1ng su\u1ed1t, trang b\u1ecb cho website c\u1ee7a m\u00ecnh m\u1ed9t l\u1edbp b\u1ea3o v\u1ec7 v\u1eefng ch\u1eafc tr\u01b0\u1edbc nh\u1eefng m\u1ed1i \u0111e d\u1ecda kh\u00f4ng ng\u1eebng ph\u00e1t tri\u1ec3n tr\u00ean kh\u00f4ng gian m\u1ea1ng.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Trong b\u1ed1i c\u1ea3nh an ninh m\u1ea1ng ng\u00e0y c\u00e0ng ph\u1ee9c t\u1ea1p, vi\u1ec7c b\u1ea3o v\u1ec7 website kh\u00f4ng ch\u1ec9 d\u1eebng l\u1ea1i \u1edf vi\u1ec7c c\u00f3 m\u1ed9t m\u1eadt kh\u1ea9u m\u1ea1nh hay c\u00e0i \u0111\u1eb7t SSL. 
A WAF (Web Application Firewall) acts as an important layer of protection, helping to block attacks on the web application layer<\/p>\n","protected":false},"author":11,"featured_media":29964,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[83],"tags":[],"class_list":["post-18091","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-bao-mat-an-ninh-mang"],"_links":{"self":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/18091","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/comments?post=18091"}],"version-history":[{"count":8,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/18091\/revisions"}],"predecessor-version":[{"id":34586,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/posts\/18091\/revisions\/34586"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media\/29964"}],"wp:attachment":[{"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/media?parent=18091"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/categories?post=18091"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/interdata.vn\/blog\/wp-json\/wp\/v2\/tags?post=18091"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
