A web application firewall (WAF) protects web application servers and infrastructure from attacks and breaches originating from the Internet and external networks.
It is a purpose-built firewall that can be customized to accept and reject HTTP requests and sessions using predefined rules.
A web application firewall (WAF) is usually deployed between the web servers and the Internet. It is typically a standalone device having a pre-installed vendor-provided firewall application.
It filters each incoming and outgoing message. Once configured with known malicious HTTP-based attacks, the web application firewall scans and stops such messages and requests. For example, it can protect an application/server from Internet-based threats such as: “SQL injection attacks, XML injection, DDoS”.
A web application firewall can be a standalone hardware device, and also a cloud/software-based solution.