Blog Security Research What You Should Know About BreakingWAF Customers are advised to enable these capabilities and mitigate the risks highlighted by the research. Executive summary \r\n A third-party research team published a blog post about a technique to bypass web application firewall (WAF) solutions that they call BreakingWAF. \r\n \r\n The research highlights a condition that is inherent in the way HTTP proxy technologies work. \r\n \r\n BreakingWAF is not a vulnerability stemming from WAF solutions — it is a misconfiguration vulnerability that vendors like Akamai address during customer onboarding. \r\n \r\n Securing origin server access is a standard practice when customers’ onboard to a content delivery network (CDN). \r\n \r\n \r\n On December 3, 2024, a third-party research team published a blog post announcing a “widespread WAF bypass technique” that they dubbed BreakingWAF.…