What is WAF?
WAF stands for Web Application Firewall. It filters and monitors the HTTP traffic between the internet and a web application in order to protect the application from attacks.
These attacks are usually:
- cross-site request forgery (CSRF)
- cross-site scripting
- file inclusion
- SQL injection
A WAF operates at layer 7 (the application layer) of the OSI model, i.e. it is designed to protect applications only and does not defend against all kinds of attacks. A WAF is only one of a group of tools that together form full protection against a vast range of attacks.
While a proxy server protects the identity of the user's machine, a WAF is a reverse proxy, which means it protects the server against attacks coming from the user's machine.
How does WAF work?
A WAF uses a set of rules called policies. The goal is to protect the server from malicious traffic. Part of a WAF's value comes from how quickly and easily its policies can be modified. For instance, during a DDoS attack, we can apply rate limiting by modifying the WAF policies.
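The policy idea described above, as an added example that is not part of the original post: a toy policy engine in Python that blocks requests matching simple signatures and enforces a per-client rate limit that can be tightened while it runs. The class name `Waf`, the signature patterns, and the sample requests are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque

# Illustrative signatures (assumptions); real WAF rule sets are far more thorough.
SIGNATURES = {
    "sql_injection": re.compile(r"'\s*(or|union)\b", re.I),
    "cross_site_scripting": re.compile(r"<\s*script\b", re.I),
    "file_inclusion": re.compile(r"\.\./"),
}

class Waf:
    """Toy policy engine: signature rules plus a per-client rate limit."""

    def __init__(self, max_requests, window_seconds):
        self.policy = {"max_requests": max_requests, "window_seconds": window_seconds}
        self.history = defaultdict(deque)  # client IP -> timestamps of allowed requests

    def update_policy(self, **changes):
        # Policies can be changed while the WAF is running, e.g. during a DDoS.
        self.policy.update(changes)

    def inspect(self, client_ip, path, query, now):
        """Return ("allow", None) or ("block", reason). Query is assumed URL-decoded."""
        for reason, pattern in SIGNATURES.items():
            if pattern.search(path) or pattern.search(query):
                return ("block", reason)
        seen = self.history[client_ip]
        while seen and now - seen[0] >= self.policy["window_seconds"]:
            seen.popleft()  # forget requests that fell out of the window
        if len(seen) >= self.policy["max_requests"]:
            return ("block", "rate_limit")
        seen.append(now)
        return ("allow", None)

def demo():
    # Constructed requests: (client IP, path, query, time in seconds).
    waf = Waf(max_requests=3, window_seconds=10)
    ip = "203.0.113.5"  # documentation address range
    out = [waf.inspect(ip, "/items", "id=7' OR 1=1", 0),
           waf.inspect(ip, "/view", "page=../../etc/passwd", 0)]
    out += [waf.inspect(ip, "/items", "id=7", t) for t in range(1, 5)]
    waf.update_policy(max_requests=1)  # tighten the limit under attack
    out += [waf.inspect(ip, "/items", "id=7", t) for t in (20, 21)]
    return out

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

Requests blocked by a signature are not counted toward the rate limit here; that is a design choice of this sketch, not a general WAF behaviour.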