
Web Application Firewall (WAF)

A WAF, or Web Application Firewall, helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects web applications from attacks such as cross-site request forgery (CSRF), cross-site scripting (XSS), file inclusion, and SQL injection, among others. A WAF is a layer 7 (application layer, in the OSI model) defense and is not designed to defend against all types of attacks. This method of attack mitigation is usually one part of a suite of tools which together create a holistic defense against a range of attack vectors.

By deploying a WAF in front of a web application, a shield is placed between the web application and the Internet. Whereas a proxy server protects a client machine's identity by acting as an intermediary, a WAF is a type of reverse proxy: it protects the server from exposure by having clients pass through the WAF before they reach the server.

A WAF operates through a set of rules, often called policies. These policies aim to protect against vulnerabilities in the application by filtering out malicious traffic. Part of the value of a WAF comes from the speed and ease with which its policies can be modified, allowing a faster response to changing attack vectors; during a DDoS attack, for example, rate limiting can be enabled quickly by modifying the WAF policies.
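
To make the policy model concrete, the following added example (not code from the original page or from Cloudflare) implements a minimal in-process WAF: each policy is a predicate over the request, the first matching policy denies the request, and a per-client rate-limit policy can be added at runtime. The `Request` class, the `WAF` class and the signature patterns are all assumptions constructed for this illustration; the patterns are deliberately small and are not a production ruleset.

```python
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass, field
from urllib.parse import unquote_plus

@dataclass
class Request:                     # hypothetical, minimal view of an HTTP request
    client_ip: str
    path: str
    query: str = ""
    body: str = ""
    headers: dict = field(default_factory=dict)

# Signature policies. Constructed, illustrative patterns only, not a production ruleset.
SIGNATURES = {
    "sqli": re.compile(r"(?i)(\bunion\s+select\b|'\s*or\s+'?\d+'?\s*=\s*'?\d+|;\s*drop\s+table)"),
    "xss": re.compile(r"(?i)(<\s*script\b|javascript:|\bon(?:load|error|click|mouseover)\s*=)"),
    "lfi": re.compile(r"(\.\./|\.\.\\|/etc/passwd)"),
}

class WAF:
    # Reverse-proxy position: every request passes through check() before the app sees it.
    def __init__(self):
        self.policies = []                 # ordered (name, predicate) pairs
        self.history = defaultdict(deque)  # client_ip -> timestamps of recent requests
        for name, pat in SIGNATURES.items():
            self.add_policy(name, lambda r, p=pat: bool(p.search(self.inspectable(r))))

    @staticmethod
    def inspectable(req):
        # Decode before matching so URL-encoded payloads (%27, %3Cscript) are still seen.
        parts = [req.path, req.query, req.body, *req.headers.values()]
        return unquote_plus(" ".join(parts))

    def add_policy(self, name, predicate):
        self.policies.append((name, predicate))

    def add_rate_limit(self, max_requests, window_seconds, clock=time.monotonic):
        # Hot-add a sliding-window limit per client IP, e.g. while a DDoS is under way.
        def over_limit(req):
            now, q = clock(), self.history[req.client_ip]
            while q and now - q[0] > window_seconds:
                q.popleft()                # forget requests outside the window
            q.append(now)
            return len(q) > max_requests
        self.add_policy("rate_limit", over_limit)

    def check(self, req):
        # Returns 'allow', or 'deny:<policy>' naming the first policy that matched.
        for name, pred in self.policies:
            if pred(req):
                return f"deny:{name}"
        return "allow"
```

Because `check()` stops at the first match, policy order matters, and the rate-limit policy only counts requests that the signature policies let through.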

  • [What is a WAF? Web Application Firewall explained](https://www.cloudflare.com/en-gb/learning/ddos/glossary/web-application-firewall-waf/)