WAF (Web Application Firewall)
A WAF protects web apps by filtering HTTP(S) requests based on rules and signatures.
Updated: 2026-03-06
Definition
A Web Application Firewall (WAF) inspects web traffic at Layer 7 (the application layer) and blocks requests that match patterns of common attacks such as SQL injection and XSS.
WAF rules can come from a vendor-managed ruleset or be custom policies tailored to the application; either way they are signatures and heuristics, so they need tuning against real traffic.
Key points
- Layer 7 protection for web apps
- Blocks common web attacks (SQLi, XSS)
- Needs tuning to reduce false positives
Common mistakes
- Assuming a WAF replaces secure coding (it doesn’t; it only filters known attack patterns in front of the app).
- Enabling strict rules in blocking mode without first testing them in detection-only mode, which breaks legitimate traffic.
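The following is an added example, not part of the original glossary entry and not any vendor's WAF code. It models the behaviour described above in a few dozen lines of Python: a small set of constructed signatures inspects the decoded path, query parameters, headers and body of a request (Layer 7 inspection), and a policy object carries the two tuning controls that the common mistakes above point at, a detection-only mode for testing rules before enforcing them and per-path rule exclusions for endpoints that legitimately accept SQL- or HTML-looking input. Rule IDs, the request dictionary shape and all sample requests are constructed for illustration.

```python
import re
from dataclasses import dataclass, field
from urllib.parse import parse_qs, unquote_plus


@dataclass(frozen=True)
class Rule:
    rule_id: str
    description: str
    pattern: re.Pattern


# Constructed signatures, deliberately tiny. A real managed ruleset (for example
# the OWASP Core Rule Set) has hundreds of patterns plus anomaly scoring on top.
RULES = [
    Rule("SQLI-001", "SQL tautology, comment sequence or UNION SELECT in input",
         re.compile(r"(?i)(\bor\b\s+\d+\s*=\s*\d+|--\s|/\*|\bunion\b\s+select\b)")),
    Rule("XSS-001", "Script tag, javascript: URL or inline event handler",
         re.compile(r"(?i)(<script\b|javascript:|\bon[a-z]+\s*=)")),
]


@dataclass
class Policy:
    # "detect" only records matches (use this while tuning); "block" rejects.
    mode: str = "block"
    # Tuning: rule IDs that must not fire for a given path, e.g. an endpoint
    # that legitimately accepts SQL snippets or HTML markup. Constructed shape.
    exclusions: dict = field(default_factory=dict)


@dataclass
class Decision:
    action: str    # "allow", "log" or "block"
    matches: list  # (rule_id, location) pairs that fired


def _inputs(request):
    """Yield (location, decoded text) pairs that a WAF inspects at Layer 7."""
    yield "path", unquote_plus(request.get("path", ""))
    query = parse_qs(request.get("query", ""), keep_blank_values=True)
    for name, values in query.items():
        for value in values:  # parse_qs already URL-decodes the values
            yield f"query:{name}", value
    for name, value in request.get("headers", {}).items():
        yield f"header:{name}", value
    body = request.get("body", "")
    if body:
        # Check both the raw and the URL-decoded body so encoding alone
        # does not hide a match.
        yield "body", body
        yield "body(decoded)", unquote_plus(body)


def inspect(request, policy):
    """Apply every non-excluded rule to the request and return a Decision."""
    excluded = policy.exclusions.get(request.get("path", ""), set())
    matches = []
    for rule in RULES:
        if rule.rule_id in excluded:
            continue
        for location, text in _inputs(request):
            if rule.pattern.search(text):
                matches.append((rule.rule_id, location))
                break  # one hit per rule is enough for the decision
    if not matches:
        return Decision("allow", [])
    return Decision("block" if policy.mode == "block" else "log", matches)


if __name__ == "__main__":
    # Constructed sample requests: a normal search, an injection attempt, and a
    # code-paste endpoint whose legitimate input trips the SQL signature.
    samples = [
        ({"path": "/search", "query": "q=running+shoes"}, Policy()),
        ({"path": "/search", "query": "q=%27+OR+1%3D1--+"}, Policy()),
        ({"path": "/paste", "body": "SELECT 1 -- sanity check"}, Policy()),
        ({"path": "/paste", "body": "SELECT 1 -- sanity check"}, Policy(mode="detect")),
        ({"path": "/paste", "body": "SELECT 1 -- sanity check"},
         Policy(exclusions={"/paste": {"SQLI-001"}})),
    ]
    for request, policy in samples:
        decision = inspect(request, policy)
        print(f"{request['path']:<8} mode={policy.mode:<6} -> {decision.action:<5} {decision.matches}")
```

The third and fourth samples show the tuning loop the common-mistakes list is about: the same legitimate paste request is rejected outright in blocking mode, is merely logged in detection mode (which is how a practitioner discovers the false positive before users do), and passes once SQLI-001 is excluded for that one path rather than disabled globally.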
Related exams
CompTIA Security+ (SY0-701)
Free Security+ SY0-701 mini test with focused next steps. Continue in the app for offline packs and detailed explanations.
AWS Certified Solutions Architect – Associate (SAA-C03)
Free SAA-C03 mini test with focused next steps. Continue in the app for offline packs and detailed explanations.