A Web Application Firewall (WAF) is a type of firewall designed to protect web applications by filtering, monitoring and blocking malicious inbound and outbound HTTP/HTTPS traffic.
Unlike traditional firewalls, which focus on the network or transport layers, WAFs operate at the application layer of the OSI model. They are essential for preventing attacks specific to web applications, such as SQL injection, cross-site scripting (XSS), and denial-of-service (DDoS) attacks.
How a WAF works
A WAF inspects HTTP/HTTPS traffic in depth to detect and block attacks specifically targeting web applications. It uses security rules based on whitelists (positive security model) or blacklists (negative security model) to determine whether a request is legitimate or malicious. WAFs can be deployed as software, as on-premises appliances or via cloud-based solutions.
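The two rule models described above, run side by side on the same requests. This is an added example, not code from any WAF product: the `/product` endpoint, its `id` parameter, the two signatures and the sample requests are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model (blacklist): block what matches a known-bad signature.
DENY_SIGNATURES = [
    re.compile(r"<\s*script", re.I),             # script tag in a value (XSS)
    re.compile(r"\bunion\b.+\bselect\b", re.I),  # UNION ... SELECT (SQL injection)
]

# Positive model (whitelist): allow only what the application is known to accept.
# Hypothetical endpoint: GET /product with exactly one numeric parameter "id".
ALLOW_RULES = {("GET", "/product"): {"id": re.compile(r"[0-9]{1,6}")}}

def negative_model(method, url):
    """Block if any decoded parameter value matches a signature."""
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if any(sig.search(value) for sig in DENY_SIGNATURES):
            return "block"
    return "allow"

def positive_model(method, url):
    """Allow only a known method/path whose parameters all match the schema."""
    parts = urlsplit(url)
    schema = ALLOW_RULES.get((method, parts.path))
    if schema is None:
        return "block"                      # unknown endpoint or method
    seen = set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        rule = schema.get(name)
        if rule is None or name in seen or not rule.fullmatch(value):
            return "block"                  # unknown, repeated or malformed parameter
        seen.add(name)
    return "allow" if seen == set(schema) else "block"

# Constructed sample requests.
SAMPLES = [
    ("GET", "/product?id=42"),
    ("GET", "/product?id=1+UNION+SELECT+name+FROM+users"),
    ("GET", "/product?id=%3Cscript%3Ealert(1)%3C/script%3E"),
    ("GET", "/product?id=42&debug=true"),   # no signature covers this
    ("POST", "/product?id=42"),             # method the endpoint never uses
]

def evaluate(samples=SAMPLES):
    """Return (method, url, negative verdict, positive verdict) per request."""
    return [(m, u, negative_model(m, u), positive_model(m, u)) for m, u in samples]

if __name__ == "__main__":
    for method, url, neg, pos in evaluate():
        print(f"{method:4} {url:55} negative={neg:5} positive={pos}")
```

The last two requests pass the negative model because no signature describes them, while the positive model rejects them for not fitting the declared schema; the cost of the positive model is that every endpoint and parameter has to be described up front.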
WAF vendors
Several companies dominate the WAF market with well-known products, including:
- Akamai Technologies
- Barracuda Networks
- Cloudflare
- Citrix Systems
- Qualys