A web application firewall (WAF) is a security tool that protects web applications by filtering and monitoring HTTP traffic. It defends against attacks like cross-site scripting (XSS), SQL injection, cross-site request forgery, and file inclusion. Operating at Layer 7 of the OSI model, a WAF acts as a reverse proxy, placing a shield between clients and the server. It uses configurable rules, or policies, to block malicious traffic, and these can be quickly adjusted to respond to emerging threats, for example by implementing rate limiting during a DDoS attack.
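The following added example (not from the original page) sketches how a WAF applies rules to decoded request parameters and how a rate-limit policy can be tightened at runtime. The `MiniWaf` class, its rule patterns and the sample requests are constructed for illustration and are far simpler than a production rule set.

```python
import re
import time
from collections import defaultdict, deque
from urllib.parse import unquote_plus

# Constructed, deliberately simple signatures; real rule sets are much broader.
RULES = [
    ("sqli", re.compile(r"\bunion\b.+\bselect\b|\bor\b\s+\d+\s*=\s*\d+", re.I)),
    ("xss", re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.I)),
    ("file-inclusion", re.compile(r"\.\./|^(?:https?|php|file)://", re.I)),
]

class MiniWaf:
    """Hypothetical Layer 7 filter: per-client rate limit plus signature rules."""
    def __init__(self, limit=5, window=10.0):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)  # client IP -> timestamps of recent requests

    def set_rate_limit(self, limit, window):
        """Adjust the policy at runtime, e.g. tighten it during a DDoS."""
        self.limit, self.window = limit, window

    def inspect(self, client_ip, params, now=None):
        """Return ("allow", None) or ("block", reason) for one request."""
        now = time.monotonic() if now is None else now
        recent = self.hits[client_ip]
        while recent and now - recent[0] >= self.window:
            recent.popleft()  # drop requests that fell out of the sliding window
        recent.append(now)
        if len(recent) > self.limit:
            return ("block", "rate-limit")
        for value in params.values():
            # Decode twice so single- and double-URL-encoded input is normalised
            decoded = unquote_plus(unquote_plus(value))
            for name, pattern in RULES:
                if pattern.search(decoded):
                    return ("block", name)
        return ("allow", None)
```

Passing `now` explicitly makes the sliding window deterministic for testing; in a real deployment the decision would be taken by the reverse proxy before the request reaches the application.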