WAF (Web Application Firewall)
A security solution that monitors, filters, and blocks HTTP traffic to and from web applications to protect against application-layer attacks.
What is a WAF?
A Web Application Firewall (WAF) protects web applications by filtering and monitoring HTTP/HTTPS traffic between a web application and the internet. A conventional network firewall decides on IP addresses, ports, and protocols and never looks at the request itself; a WAF parses the HTTP request (method, path, query string, headers, cookies, body) and can therefore detect application-layer attacks that are invisible at the network layer. To inspect HTTPS traffic a WAF must terminate TLS, so it normally sits in the request path as a reverse proxy or as a module inside the web server.
How WAFs Work
WAFs inspect each incoming request, normalize it (URL-decode parameters, canonicalize the path, parse the body), and evaluate it against rules designed to identify malicious traffic patterns:
- Positive Security Model: allow only known-good traffic, expressed as an allowlist of endpoints, parameter names and value formats; anything outside the allowlist is blocked. Strong against unknown attacks, but the schema must be maintained as the application changes.
- Negative Security Model: block known-bad patterns using signatures, typically regular expressions that match SQL or JavaScript fragments. The OWASP ModSecurity Core Rule Set is the best-known negative-model ruleset. Easier to deploy, but blind to anything that matches no signature.
- Hybrid: a combination of both approaches, commonly a positive schema for well-understood endpoints with signature rules as the fallback everywhere else
Attacks WAFs Protect Against
- SQL Injection: quotes, comment markers and UNION/SELECT fragments in parameters
- Cross-Site Scripting (XSS): script tags, event-handler attributes and javascript: URLs in request data
- Cross-Site Request Forgery (CSRF): only partially; a WAF can require that an anti-CSRF token is present or check the Origin header, but validating the token belongs in the application
- Remote File Inclusion: URLs or path-traversal sequences where a local filename is expected
- XML External Entity (XXE): DOCTYPE and ENTITY declarations in XML request bodies
- OWASP Top 10 vulnerabilities: only the injection-style categories that show up as request patterns. Broken access control, business-logic flaws and insecure design produce well-formed requests that look like normal traffic to a WAF.
WAF Deployment Models
- Cloud-based: managed service (Cloudflare, AWS WAF) acting as a reverse proxy in front of the origin. DNS must route traffic through it, and the origin must accept connections only from the provider's address ranges; otherwise an attacker who learns the origin IP bypasses the WAF entirely.
- On-premises: hardware or virtual appliance deployed inline or as a reverse proxy in the data center
- Host-based: a module installed on the web server itself, for example ModSecurity on Apache or nginx
WAF Limitations
- Cannot protect against all attack types: authorization and business-logic flaws are invisible at the level of request patterns
- May produce false positives, blocking legitimate input that happens to resemble an attack (a support ticket containing "select ... from", a code snippet pasted into a form)
- Signature rules can be evaded through encoding, case changes, comment insertion and other obfuscation; the WAF must normalize input before matching, and attackers test their payloads against the same public rulesets defenders deploy
- Requires ongoing rule maintenance: new endpoints need schema entries, and new or noisy signatures need tuning
- Performance impact if not properly sized: every request is decoded and run through hundreds of regular expressions, which adds latency and CPU cost
- Not a replacement for secure coding; treat a WAF as a compensating control and a virtual patch that buys time while the underlying vulnerability is fixed
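The three rule models from "How WAFs Work" and the false-positive and maintenance trade-offs from "WAF Limitations" can be seen side by side in a small rule engine. This is an added example written for this entry, not code from any WAF product; the signatures, the per-endpoint schema and the four sample requests are constructed for illustration. It decodes parameter values twice before matching so that the double-URL-encoded quote in the first request is caught, and it uses a deliberately broad SQL signature so that the benign search text in the second request trips the negative model but not the positive one.

```python
import re
from urllib.parse import unquote_plus

# Toy negative-model signatures (constructed for this example, not a real ruleset).
NEGATIVE_RULES = [
    ("sqli", re.compile(r"('\s*(or|and)\s+'?\d|union\s+select|\bselect\b.+\bfrom\b|'\s*--)", re.I)),
    ("xss",  re.compile(r"(<script\b|javascript:|\bon\w+\s*=)", re.I)),
]

# Toy positive-model schema: for each path, the only parameters accepted and the
# shape each value must have. Paths and parameters not listed here are rejected.
POSITIVE_SCHEMA = {
    "/login":  {"user": re.compile(r"^[a-z0-9_]{1,32}$"),
                "pass": re.compile(r"^[^\x00-\x1f]{8,128}$")},
    "/search": {"q": re.compile(r"^[\w .,'-]{1,64}$")},
}


def normalize(value: str) -> str:
    """Canonicalize a parameter value before any rule is applied.

    Decoding twice defeats the classic double-URL-encoding evasion
    (%2527 -> %27 -> '); collapsing whitespace defeats tab/newline padding.
    """
    decoded = unquote_plus(unquote_plus(value))
    return re.sub(r"\s+", " ", decoded).strip()


def negative_check(params):
    """Block if any normalized value matches a known-bad signature."""
    for name, raw in params.items():
        value = normalize(raw)
        for label, pattern in NEGATIVE_RULES:
            if pattern.search(value):
                return ("block", f"{label} signature in '{name}'")
    return ("allow", "no signature matched")


def positive_check(path, params):
    """Block unless the path is known and every parameter fits its allowed shape."""
    schema = POSITIVE_SCHEMA.get(path)
    if schema is None:
        return ("block", f"no schema for {path}")
    for name, raw in params.items():
        pattern = schema.get(name)
        if pattern is None:
            return ("block", f"unexpected parameter '{name}'")
        if not pattern.fullmatch(normalize(raw)):
            return ("block", f"'{name}' does not match its allowed shape")
    return ("allow", "request conforms to schema")


def inspect(path, params, mode="hybrid"):
    """Return (decision, reason) for one request under the chosen model."""
    if mode == "negative":
        return negative_check(params)
    if mode == "positive":
        return positive_check(path, params)
    # hybrid: enforce the schema where one exists, fall back to signatures elsewhere
    if path in POSITIVE_SCHEMA:
        return positive_check(path, params)
    return negative_check(params)


# Constructed sample requests: (path, query parameters as received, still URL-encoded).
REQUESTS = [
    ("/login",      {"user": "admin%2527--", "pass": "hunter2hunter2"}),  # double-encoded SQLi
    ("/search",     {"q": "select the from and to dates"}),               # benign text that looks like SQL
    ("/api/export", {"fmt": "<script>alert(1)</script>"}),                # XSS against an endpoint with no schema
    ("/api/export", {"fmt": "csv"}),                                      # benign call to an unlisted endpoint
]


def decisions(mode):
    """Decision for each sample request under one model, in REQUESTS order."""
    return [inspect(path, params, mode)[0] for path, params in REQUESTS]


if __name__ == "__main__":
    for mode in ("negative", "positive", "hybrid"):
        for (path, params), (decision, reason) in zip(REQUESTS, (inspect(p, q, mode) for p, q in REQUESTS)):
            print(f"{mode:8} {path:12} {decision:5} {reason}")
```

Reading the four decisions per model shows the trade-offs: the negative model blocks the double-encoded injection only because `normalize` decoded it, and it also blocks the harmless "select the from and to dates" (a false positive); the positive model accepts that text but rejects the perfectly legitimate `/api/export?fmt=csv` because nobody added that endpoint to the schema (the maintenance cost); the hybrid model gets all four right here, but only because the schema covers the sensitive endpoints and the signatures happen to cover the rest.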