Oracle's Web Application Firewall - architecture
SummaryDoes the WAF inspects/filters out the server's response before it is sent to the client?
I was wondering if the WAF filters out only suspicious requests made by the client, or in addition to inspecting the incoming requests, the WAF is going to check the response made by the server before it is sent to the client.
It is obvious that the diagram below holds:
Client --request--> --WAF--> --request--> Server
The question is whether the following holds as well:
Client <--response-- <--WAF-- <--response-- Server
Thanks in advance!