WAF (Web Application Firewall)

A Web Application Firewall (WAF) is a security solution that filters, tracks, and blocks Hypertext Transfer Protocol (HTTP) traffic to protect applications and servers. It applies a set of rules to the conversation between a web application and the internet, distinguishing benign from malicious traffic and preventing potential security threats from infiltrating the system.

Attacks on web applications and servers come in different forms, such as SQL injections, cross-site scripting (XSS), distributed denial of service (DDoS), file inclusion, security misconfigurations, cookie poisoning, field manipulation, parameter tampering, forced browsing, stealth commanding, and malware infections. Without a protective layer that stands between the network and the application, hackers can get into the server and access a company's sensitive information.

A WAF shields an application against vulnerabilities by routing clients through a rule-based filter mechanism before they connect to the server. In a way, it serves as a reverse proxy: requests are sent to the WAF, screened, and only then forwarded to the web application. Because it analyzes data packets in two-way HTTP traffic, pernicious elements can be detected immediately and prevented from getting into the server, thereby protecting the system from attacks.

Benefits of WAF

A WAF runs as a physical device, plugin, or cloud service, and it provides the following advantages:

  • Discovers a web application's security vulnerabilities and coding errors that need immediate fixes
  • Prevents unauthorized transfer of sensitive data away from the application
  • Complements other perimeter defense and protective systems such as firewalls and intrusion prevention tools
  • Averts attacks that bypass the network firewalls and defends a web application without having to access its source code
  • Allows users to quickly modify an application's settings in response to security threats

Blacklist and whitelist WAFs

A WAF can follow a blacklist (negative security) model, a whitelist (positive security) model, or a hybrid of the two. A blacklist WAF protects against known attacks, denying harmful data transfers that can expose an application's security vulnerability. A whitelist WAF, on the other hand, denies unknown and default traffic, allowing only trusted and pre-approved requests.
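
The difference between the two models, as an added example that is not from the original article: a small Python filter with a constructed signature list and a hypothetical allow-list for two routes of an imagined shop application, run over constructed requests. It shows that parameter tampering and forced browsing match no known signature and pass the blacklist, while the whitelist denies them by default.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Negative model: signatures of known-bad input (constructed, deliberately small).
DENY_SIGNATURES = [
    re.compile(r"(?i)<\s*script"),             # cross-site scripting marker
    re.compile(r"(?i)\bunion\b.+\bselect\b"),  # SQL injection marker
    re.compile(r"\.\./"),                      # file inclusion / path traversal marker
]

# Positive model: the only routes and parameter formats a hypothetical shop app expects.
ALLOW_RULES = {
    ("GET", "/search"): {"q": re.compile(r"[\w \-]{1,64}")},
    ("GET", "/cart/add"): {"item": re.compile(r"\d{1,8}"), "qty": re.compile(r"[1-9]\d?")},
}

def _split(url):
    parts = urlsplit(url)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)

def blacklist_allows(method, url):
    """Negative security: allow unless a known-bad signature matches."""
    path, params = _split(url)
    values = [path] + [value for _, value in params]
    return not any(sig.search(v) for sig in DENY_SIGNATURES for v in values)

def whitelist_allows(method, url):
    """Positive security: deny unless route, parameter names and values are pre-approved."""
    path, params = _split(url)
    schema = ALLOW_RULES.get((method, path))
    if schema is None:
        return False  # default deny for unknown routes
    return all(k in schema and schema[k].fullmatch(v) is not None for k, v in params)

def hybrid_allows(method, url):  # hybrid model: a request must pass both checks
    return blacklist_allows(method, url) and whitelist_allows(method, url)

SAMPLE_REQUESTS = [  # constructed for illustration
    ("GET", "/search?q=red+shoes"),                  # normal use
    ("GET", "/search?q=<script>alert(1)</script>"),  # known XSS pattern
    ("GET", "/cart/add?item=42&qty=-5"),             # parameter tampering
    ("GET", "/admin/backup"),                        # forced browsing
]

def evaluate(requests=SAMPLE_REQUESTS):
    return [(blacklist_allows(m, u), whitelist_allows(m, u)) for m, u in requests]

if __name__ == "__main__":
    for (m, u), (b, w) in zip(SAMPLE_REQUESTS, evaluate()):
        print(f"{m} {u:45} blacklist={'allow' if b else 'deny':5} whitelist={'allow' if w else 'deny'}")
```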

Types of WAF

WAF offers protection to a range of enterprises and industries such as e-commerce, banking, and social media platforms that need data security for their back-end databases. It can be implemented in three ways:

  • Network-based is a hardware-based type of WAF installed in a local network; it requires storage and maintenance, which entails cost. The appliance can be expensive, but its deployment is scalable.
  • Host-based is a less expensive type that is integrated into the application with a number of customization options.
  • Cloud-based is the most affordable of the three and the easiest to implement, and it comes with regular updates. A cloud-based WAF is usually a security-as-a-service solution operated by a third-party provider.

Webopedia Staff
Since 1995, more than 100 tech experts and researchers have kept Webopedia’s definitions, articles, and study guides up to date. For more information on current editorial staff, please visit our About page.
