If using a WAF, disclosing the IP addresses of web servers under an organisation’s control (referred to as origin servers) is avoided and access to the origin servers is restricted to the WAF and authorised management networks.
Topic: Web application firewalls
Applicable to: all
History
Jun 2023
A new control was added covering two requirements: avoiding disclosure of the Internet Protocol (IP) addresses of web servers under an organisation’s control (referred to as origin servers) when they sit behind a web application firewall (WAF), and restricting access to origin servers to only the WAF and authorised management networks.