Web Application Proxy
Web Application Proxy (WAP), is a remote access computer software feature in Windows Server 2012 R2. It was introduced after the discontinuation of Microsoft Forefront Unified Access Gateway (UAG). WAP provides the reverse proxy capability that allows users outside a corporate network to access web applications hosted on the internal corporate network. WAP uses Active Directory Federation Services (ADFS) for pre-authenticated access to internally hosted corporate web applications such as SharePoint.
While the (WAP) Replaces the Proxy functionality of Microsoft unified Access Gateway, it does not replace several other important functions that were contained within Access gateway. Consequently several companies such as F5, Citrix & others have filled in the gaps with products known as ADCs (Application Delivery Controllers).
As a reference, Microsoft broadcasts its intention in its FAQ:
"4.) Is WAP a replacement for TMG 2010 and/or UAG 2010?
No. The bottom line is that WAP offers a very small subset of what both TMG and UAG offered. WAP is pure and simple a reverse proxy solution for publishing your internal web applications to external clients.
5.) Is Web Application Proxy a Web Application Firewall?
No. WAP is purely a reverse proxy and that is why we recommend that you protect it with an Edge device and also a backend firewall."[1]
In reference to point 5 in the Microsoft FAQ, An application published purely with WAP would be susceptible to SQL Injection, XSS, data leaks, and more.
In reference to Point 4 in the Microsoft FAQ, a simple reverse proxy does not allow for offloading of authentication via forms based authentication, which was another UAG/TMG function. Additionally, with attack vectors such as DOS and DDos attacks becoming more common and easier to achieve, it is important to note this product also offers no protection from these types of attacks as well.
References
- ↑ "Web Application Proxy (FAQs)". Microsoft TechNet.