Overview

While a traditional network firewall filters traffic by IP address, port and protocol, a Web Application Firewall (WAF) works at the application layer, on the HTTP requests and responses themselves. It is designed to defend against attacks that target web application vulnerabilities, such as SQL injection, cross-site scripting (XSS) and file inclusion.

How it Works

A WAF sits in front of the web application, usually as a reverse proxy or an in-process web server module, and inspects every HTTP request (and often the response) before it reaches the application. It applies a set of rules (policies) to identify malicious traffic and then blocks, logs or rate-limits it; rules are typically signatures for known attack patterns (for example a regular expression for a UNION SELECT in a query parameter), sometimes combined with anomaly scoring that adds up the weight of all matches. Because most traffic is HTTPS, the WAF must terminate TLS, or be handed the decrypted stream, to see request contents at all. It can be implemented as a hardware appliance, as software or a web server module (ModSecurity is the common open-source example), or as a cloud-based service that the site's DNS points to.

Key Features

  • Protection against OWASP Top 10: Defends against the most common web application security risks, chiefly the injection and XSS classes that are visible in request contents. Categories such as broken access control or insecure design are logic flaws in the application and are not something a WAF can reliably detect.
  • Virtual Patching: Add a rule that blocks requests exploiting a newly discovered vulnerability, buying time until the application code itself is fixed. The rule is a mitigation, not a fix: the flaw remains in the code and attackers may find request encodings the rule does not match.
  • Bot Management: Distinguish 'good' bots (search engine crawlers) from 'bad' bots (scrapers, credential stuffers) using signals such as user agent, IP reputation, request rate and client behaviour, then throttle or block the bad ones.
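
The following is an added example, not code from the page or from any WAF product: a toy rule-based inspector in Python that shows the request-inspection flow described under "How it Works" and the virtual-patching idea from the list above. Each rule is a regular expression scoped to particular request parts; request values are percent-decoded twice and lowercased so that double-encoded payloads are matched in the form the application would eventually see. The endpoint `/api/export`, its `template` parameter and the rule identifiers are hypothetical, and the sample requests are constructed for the example.

```python
"""Toy rule-based WAF: inspects the parts of an HTTP request against regex rules
and returns an allow/block decision. Added illustration, not any vendor's engine."""
import re
from dataclasses import dataclass, field
from typing import Dict, Iterator, List, Tuple
from urllib.parse import parse_qsl, unquote_plus


@dataclass
class Request:
    method: str
    path: str
    query: str = ""
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


@dataclass
class Rule:
    rule_id: str
    description: str
    pattern: "re.Pattern[str]"
    targets: Tuple[str, ...]   # request parts this rule inspects
    path_prefix: str = ""      # optional scoping, used for virtual patches


def normalize(value: str) -> str:
    """Percent-decode twice (catches double-encoded payloads) and lowercase.
    Caveat: over-decoding can create false positives on data that legitimately
    contains '%' sequences; a real WAF tunes this per parameter."""
    for _ in range(2):
        value = unquote_plus(value)
    return value.lower()


def request_parts(req: Request) -> Iterator[Tuple[str, str]]:
    """Yield (part_name, normalized_value) for every inspectable piece of the request."""
    yield "path", normalize(req.path)
    for _, val in parse_qsl(req.query, keep_blank_values=True):
        yield "query", normalize(val)
    for name, val in req.headers.items():
        if name.lower() not in ("host", "content-length"):
            yield "header", normalize(val)
    if req.body:
        ctype = req.headers.get("Content-Type", "").lower()
        if ctype.startswith("application/x-www-form-urlencoded"):
            for _, val in parse_qsl(req.body, keep_blank_values=True):
                yield "body", normalize(val)
        else:
            yield "body", normalize(req.body)


RULES: List[Rule] = [
    Rule("sqli-001", "SQL injection: quoted tautology or UNION SELECT",
         re.compile(r"(?:'|\")\s*(?:or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+|\bunion\b\s+(?:all\s+)?select\b"),
         ("path", "query", "body")),
    Rule("xss-001", "XSS: script tag, javascript: URL or inline event handler",
         re.compile(r"<\s*script\b|javascript\s*:|\bon\w+\s*=\s*[\"']"),
         ("query", "body", "header")),
    Rule("lfi-001", "File inclusion / path traversal",
         re.compile(r"\.\./|\.\.\\|php://|/etc/passwd"),
         ("path", "query", "body")),
    # Hypothetical virtual patch: until the application fixes template injection
    # in /api/export, block any request to that endpoint whose parameters carry
    # template syntax. This mitigates exploitation; the bug itself is unchanged.
    Rule("vpatch-export-001", "Virtual patch (hypothetical): template injection in /api/export",
         re.compile(r"\{\{|\}\}|\$\{"),
         ("query", "body"), path_prefix="/api/export"),
]


def inspect(req: Request, rules: List[Rule] = RULES) -> Tuple[str, List[str]]:
    """Return ("block", [matched rule ids]) or ("allow", []).
    Every rule is evaluated so the log records all matches, not just the first."""
    matched: List[str] = []
    parts = list(request_parts(req))
    for rule in rules:
        if rule.path_prefix and not normalize(req.path).startswith(rule.path_prefix):
            continue
        for part_name, value in parts:
            if part_name in rule.targets and rule.pattern.search(value):
                matched.append(rule.rule_id)
                break
    return ("block" if matched else "allow", matched)


if __name__ == "__main__":
    # Constructed sample traffic: one benign search, then four attack attempts.
    samples = [
        Request("GET", "/search", "q=python%20security", {"User-Agent": "Mozilla/5.0"}),
        Request("GET", "/login", "user=admin'%20OR%201=1--"),
        Request("POST", "/comment", headers={"Content-Type": "application/x-www-form-urlencoded"},
                body="comment=%3Cscript%3Ealert(1)%3C/script%3E"),
        Request("GET", "/files/%252e%252e%252fetc/passwd"),   # double-encoded traversal
        Request("GET", "/api/export", "template=%7B%7B7*7%7D%7D"),
    ]
    for r in samples:
        decision, hits = inspect(r)
        print(f"{decision:5} {r.method} {r.path}?{r.query} {hits}")
```

Note what the example does and does not show: the inspector never sees the application's logic, so a request that abuses an authorization flaw with perfectly ordinary-looking parameters passes straight through, and each signature is only as good as its regular expression, which is why real rule sets are tuned against production traffic to reduce false positives and bypasses.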