Web Application Firewall

Revision as of 18:16, 18 October 2016 by Jtpereyda (talk | contribs) (Description: Adding clarifying info comparing with proxies and reverse proxies. Source: http://security.stackexchange.com/a/93847/5997)



A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.

A WAF differs from a proxy in that proxies protect clients, while WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy.

WAFs may be customized to an application. This customization can take significant effort, and the customized rules need to be maintained as the application is modified.
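
A minimal sketch of the rule model described above, added here as an illustration and not taken from any WAF product or OWASP project: generic signatures are applied to every request parameter, and an application-specific rule constrains one parameter's format. The rule names, patterns, and the `/account` path are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Generic signatures, deliberately simplistic and constructed for illustration.
GENERIC_RULES = [
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("sqli-union-select", re.compile(r"\bunion\b.+\bselect\b", re.I)),
    ("sqli-quote-tautology", re.compile(r"'\s*or\s+'?\d+'?\s*=\s*'?\d+", re.I)),
]

# Application-specific rules for a hypothetical app: expected parameter formats
# per path. These must be updated whenever the application changes.
APP_RULES = {"/account": {"id": re.compile(r"\d{1,10}")}}


def inspect(method, target, body=""):
    """Return a list of (rule_id, parameter) hits; an empty list means allow."""
    url = urlsplit(target)
    # parse_qsl percent-decodes values, so the rules match decoded input.
    params = parse_qsl(url.query, keep_blank_values=True)
    if method.upper() == "POST":
        params += parse_qsl(body, keep_blank_values=True)
    expected = APP_RULES.get(url.path, {})
    hits = []
    for name, value in params:
        for rule_id, pattern in GENERIC_RULES:
            if pattern.search(value):
                hits.append((rule_id, name))
        fmt = expected.get(name)
        if fmt is not None and not fmt.fullmatch(value):
            hits.append(("app-format", name))
    return hits


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
        ("GET", "/account?id=42", ""),
        ("GET", "/account?id=42%20OR%201%3D1", ""),
        ("GET", "/search?q=union+station+select+seats", ""),
    ]
    for method, target, body in samples:
        print(method, target, "->", inspect(method, target, body) or "allow")
```

The third sample passes every generic signature and is caught only by the application-specific format rule; the fourth is a false positive from a generic signature, which is the kind of tuning the customization effort covers.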

A far more detailed description is available at Wikipedia.

OWASP Projects