<span class="mw-page-title-main">Web application firewall</span>

Web application firewall

<p>A <b>web application firewall</b> (<b>WAF</b>) is a specific form of <a href="/en/Application_firewall" title="Application firewall" class="wl">application firewall</a> that filters, monitors, and blocks <a href="/en/HTTP" title="HTTP" class="wl">HTTP</a> <a href="/en/Network_traffic" title="Network traffic" class="wl">traffic</a> to and from a <a href="/en/Web_application" title="Web application" class="wl"> web service</a>. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as <a href="/en/SQL_injection" title="SQL injection" class="wl">SQL injection</a>, <a href="/en/Cross-site_scripting" title="Cross-site scripting" class="wl">cross-site scripting</a> (XSS), <a href="/en/File_inclusion_vulnerability" title="File inclusion vulnerability" class="wl">file inclusion</a>, and improper system configuration.<span class="mw-ref reference" id="cite_ref-1"><a href="#cite_note-1" style="counter-reset: mw-Ref 1;"><span class="mw-reflink-text">[1]</span></a></span></p>


<style data-mw-deduplicate="TemplateStyles:r1033289096" typeof="mw:Extension/templatestyles mw:Transclusion">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}</style>
<div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none" about="#mwt4">HTTP specific network security system</div>
<style data-mw-deduplicate="TemplateStyles:r1129693374" typeof="mw:Extension/templatestyles mw:Transclusion">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1045330069" typeof="mw:Extension/templatestyles">.mw-parser-output .sidebar{width:22em;float:right;clear:right;margin:0.5em 0 1em 1em;background:#f8f9fa;border:1px solid #aaa;padding:0.2em;text-align:center;line-height:1.4em;font-size:88%;border-collapse:collapse;display:table}body.skin-minerva .mw-parser-output .sidebar{display:table!important;float:right!important;margin:0.5em 0 1em 1em!important}.mw-parser-output .sidebar-subgroup{width:100%;margin:0;border-spacing:0}.mw-parser-output .sidebar-left{float:left;clear:left;margin:0.5em 1em 1em 0}.mw-parser-output .sidebar-none{float:none;clear:both;margin:0.5em 1em 1em 0}.mw-parser-output .sidebar-outer-title{padding:0 0.4em 0.2em;font-size:125%;line-height:1.2em;font-weight:bold}.mw-parser-output .sidebar-top-image{padding:0.4em}.mw-parser-output .sidebar-top-caption,.mw-parser-output .sidebar-pretitle-with-top-image,.mw-parser-output .sidebar-caption{padding:0.2em 0.4em 0;line-height:1.2em}.mw-parser-output .sidebar-pretitle{padding:0.4em 0.4em 0;line-height:1.2em}.mw-parser-output .sidebar-title,.mw-parser-output .sidebar-title-with-pretitle{padding:0.2em 0.8em;font-size:145%;line-height:1.2em}.mw-parser-output .sidebar-title-with-pretitle{padding:0.1em 0.4em}.mw-parser-output .sidebar-image{padding:0.2em 0.4em 0.4em}.mw-parser-output .sidebar-heading{padding:0.1em 0.4em}.mw-parser-output .sidebar-content{padding:0 0.5em 0.4em}.mw-parser-output .sidebar-content-with-subgroup{padding:0.1em 0.4em 0.2em}.mw-parser-output .sidebar-above,.mw-parser-output .sidebar-below{padding:0.3em 0.8em;font-weight:bold}.mw-parser-output .sidebar-collapse .sidebar-above,.mw-parser-output .sidebar-collapse .sidebar-below{border-top:1px solid #aaa;border-bottom:1px solid #aaa}.mw-parser-output .sidebar-navbar{text-align:right;font-size:115%;padding:0 0.4em 0.4em}.mw-parser-output .sidebar-list-title{padding:0 0.4em;text-align:left;font-weight:bold;line-height:1.6em;font-size:105%}.mw-parser-output .sidebar-list-title-c{padding:0 0.4em;text-align:center;margin:0 3.3em}@media(max-width:720px){body.mediawiki .mw-parser-output .sidebar{width:100%!important;clear:both;float:none!important;margin-left:0!important;margin-right:0!important}}</style><table class="sidebar nomobile nowraplinks hlist"><tbody><tr><td class="sidebar-pretitle">Part of a series on</td></tr><tr><th class="sidebar-title-with-pretitle"><a href="/en/Information_security" title="Information security" class="wl">Information security</a></th></tr><tr><td class="sidebar-image"><figure class="mw-halign-center wiki-thumb"><a href="/en/File:CIAJMK1209-en.svg" class="mw-file-description image media-thumb" title="vectorial version" data-hash="File:CIAJMK1209-en.svg"><img loading="lazy"alt="vectorial version" src="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/150px-CIAJMK1209-en.svg.png" decoding="async" data-file-width="496" data-file-height="496" data-file-type="drawing" height="150" width="150" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/225px-CIAJMK1209-en.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/c/c5/CIAJMK1209-en.svg/300px-CIAJMK1209-en.svg.png 2x"></a><figcaption>vectorial version</figcaption></figure></td></tr><tr><th class="sidebar-heading">
Related security categories</th></tr><tr><td class="sidebar-content">
<ul><li><a href="/en/Computer_security" title="Computer security" class="wl">Computer security</a></li>
<li><a href="/en/Automotive_security" title="Automotive security" class="wl">Automotive security</a></li>
<li><a href="/en/Cybercrime" title="Cybercrime" class="wl">Cybercrime</a>
<ul><li><a href="/en/Cybersex_trafficking" title="Cybersex trafficking" class="wl">Cybersex trafficking</a></li>
<li><a href="/en/Computer_fraud" title="Computer fraud" class="wl">Computer fraud</a></li></ul></li>
<li><a href="/en/Cybergeddon" title="Cybergeddon" class="wl">Cybergeddon</a></li>
<li><a href="/en/Cyberterrorism" title="Cyberterrorism" class="wl">Cyberterrorism</a></li>
<li><a href="/en/Cyberwarfare" title="Cyberwarfare" class="wl">Cyberwarfare</a></li>
<li><a href="/en/Electronic_warfare" title="Electronic warfare" class="wl">Electronic warfare</a></li>
<li><a href="/en/Information_warfare" title="Information warfare" class="wl">Information warfare</a></li>
<li><a href="/en/Internet_security" title="Internet security" class="wl">Internet security</a></li>
<li><a href="/en/Mobile_security" title="Mobile security" class="wl">Mobile security</a></li>
<li><a href="/en/Network_security" title="Network security" class="wl">Network security</a></li>
<li><a href="/en/Copy_protection" title="Copy protection" class="wl">Copy protection</a></li>
<li><a href="/en/Digital_rights_management" title="Digital rights management" class="wl">Digital rights management</a></li></ul></td>
</tr><tr><th class="sidebar-heading">
Threats</th></tr><tr><td class="sidebar-content">
<ul><li><a href="/en/Adware" title="Adware" class="wl">Adware</a></li>
<li><a href="/en/Advanced_persistent_threat" title="Advanced persistent threat" class="wl">Advanced persistent threat</a></li>
<li><a href="/en/Arbitrary_code_execution" title="Arbitrary code execution" class="wl">Arbitrary code execution</a></li>
<li><a href="/en/Backdoor_(computing)" title="Backdoor (computing)" class="wl">Backdoors</a></li>
<li><a href="/en/Hardware_backdoors" title="Hardware backdoors" class="mw-redirect wl">Hardware backdoors</a></li>
<li><a href="/en/Code_injection" title="Code injection" class="wl">Code injection</a></li>
<li><a href="/en/Crimeware" title="Crimeware" class="wl">Crimeware</a></li>
<li><a href="/en/Cross-site_scripting" title="Cross-site scripting" class="wl">Cross-site scripting</a></li>
<li><a href="/en/Cryptojacking_malware" title="Cryptojacking malware" class="mw-redirect wl">Cryptojacking malware</a></li>
<li><a href="/en/Botnet" title="Botnet" class="wl">Botnets</a></li>
<li><a href="/en/Data_breach" title="Data breach" class="wl">Data breach</a></li>
<li><a href="/en/Drive-by_download" title="Drive-by download" class="wl">Drive-by download</a></li>
<li><a href="/en/Browser_helper_object" title="Browser helper object" class="mw-redirect wl">Browser helper objects</a></li>
<li><a href="/en/Computer_virus" title="Computer virus" class="wl">Viruses</a></li>
<li><a href="/en/Data_scraping" title="Data scraping" class="wl">Data scraping</a></li>
<li><a href="/en/Denial_of_service" title="Denial of service" class="mw-redirect wl">Denial of service</a></li>
<li><a href="/en/Eavesdropping" title="Eavesdropping" class="wl">Eavesdropping</a></li>
<li><a href="/en/Email_fraud" title="Email fraud" class="wl">Email fraud</a></li>
<li><a href="/en/Email_spoofing" title="Email spoofing" class="wl">Email spoofing</a></li>
<li><a href="/en/Exploit_(computer_security)" title="Exploit (computer security)" class="wl">Exploits</a></li>
<li><a href="/en/Keylogger" title="Keylogger" class="mw-redirect wl">Keyloggers</a></li>
<li><a href="/en/Logic_bomb" title="Logic bomb" class="wl">Logic bombs</a></li>
<li><a href="/en/Time_bomb_(software)" title="Time bomb (software)" class="wl">Time bombs</a></li>
<li><a href="/en/Fork_bomb" title="Fork bomb" class="wl">Fork bombs</a></li>
<li><a href="/en/Zip_bomb" title="Zip bomb" class="wl">Zip bombs</a></li>
<li><a href="/en/Dialer#Fraudulent_dialer" title="Dialer" class="wl">Fraudulent dialers</a></li>
<li><a href="/en/Malware" title="Malware" class="wl">Malware</a></li>
<li><a href="/en/Payload_(computing)" title="Payload (computing)" class="wl">Payload</a></li>
<li><a href="/en/Phishing" title="Phishing" class="wl">Phishing</a></li>
<li><a href="/en/Polymorphic_engine" title="Polymorphic engine" class="wl">Polymorphic engine</a></li>
<li><a href="/en/Privilege_escalation" title="Privilege escalation" class="wl">Privilege escalation</a></li>
<li><a href="/en/Ransomware" title="Ransomware" class="wl">Ransomware</a></li>
<li><a href="/en/Rootkit" title="Rootkit" class="wl">Rootkits</a></li>
<li><a href="/en/Bootkit" title="Bootkit" class="mw-redirect wl">Bootkits</a></li>
<li><a href="/en/Scareware" title="Scareware" class="wl">Scareware</a></li>
<li><a href="/en/Shellcode" title="Shellcode" class="wl">Shellcode</a></li>
<li><a href="/en/Spamming" title="Spamming" class="wl">Spamming</a></li>
<li><a href="/en/Social_engineering_(security)" title="Social engineering (security)" class="wl">Social engineering</a></li>
<li><a href="/en/Screen_scrape" title="Screen scrape" class="mw-redirect wl">Screen scraping</a></li>
<li><a href="/en/Spyware" title="Spyware" class="wl">Spyware</a></li>
<li><a href="/en/Software_bug" title="Software bug" class="wl">Software bugs</a></li>
<li><a href="/en/Trojan_horse_(computing)" title="Trojan horse (computing)" class="wl">Trojan horses</a></li>
<li><a href="/en/Hardware_Trojan" title="Hardware Trojan" class="wl">Hardware Trojans</a></li>
<li><a href="/en/Remote_access_trojan" title="Remote access trojan" class="mw-redirect wl">Remote access trojans</a></li>
<li><a href="/en/Vulnerability_(computing)" title="Vulnerability (computing)" class="wl">Vulnerability</a></li>
<li><a href="/en/Web_shell" title="Web shell" class="wl">Web shells</a></li>
<li><a href="/en/Wiper_(malware)" title="Wiper (malware)" class="wl">Wiper</a></li>
<li><a href="/en/Computer_worm" title="Computer worm" class="wl">Worms</a></li>
<li><a href="/en/SQL_injection" title="SQL injection" class="wl">SQL injection</a></li>
<li><a href="/en/Rogue_security_software" title="Rogue security software" class="wl">Rogue security software</a></li>
<li><a href="/en/Zombie_(computing)" title="Zombie (computing)" class="wl">Zombie</a></li></ul></td>
</tr><tr><th class="sidebar-heading">
Defenses</th></tr><tr><td class="sidebar-content">
<ul><li><a href="/en/Application_security" title="Application security" class="wl">Application security</a>
<ul><li><a href="/en/Secure_coding" title="Secure coding" class="wl">Secure coding</a></li>
<li><a href="/en/Secure_by_default" title="Secure by default" class="wl">Secure by default</a></li>
<li><a href="/en/Secure_by_design" title="Secure by design" class="wl">Secure by design</a>
<ul><li><a href="/en/Misuse_case" title="Misuse case" class="wl">Misuse case</a></li></ul></li></ul></li>
<li><a href="/en/Computer_access_control" title="Computer access control" class="wl">Computer access control</a>
<ul><li><a href="/en/Authentication" title="Authentication" class="wl">Authentication</a>
<ul><li><a href="/en/Multi-factor_authentication" title="Multi-factor authentication" class="wl">Multi-factor authentication</a></li></ul></li>
<li><a href="/en/Authorization" title="Authorization" class="wl">Authorization</a></li></ul></li>
<li><a href="/en/Computer_security_software" title="Computer security software" class="wl">Computer security software</a>
<ul><li><a href="/en/Antivirus_software" title="Antivirus software" class="wl">Antivirus software</a></li>
<li><a href="/en/Security-focused_operating_system" title="Security-focused operating system" class="wl">Security-focused operating system</a></li></ul></li>
<li><a href="/en/Data-centric_security" title="Data-centric security" class="wl">Data-centric security</a></li>
<li><a href="/en/Code_obfuscation" title="Code obfuscation" class="mw-redirect wl">Code obfuscation</a></li>
<li><a href="/en/Data_masking" title="Data masking" class="wl">Data masking</a></li>
<li><a href="/en/Encryption" title="Encryption" class="wl">Encryption</a></li>
<li><a href="/en/Firewall_(computing)" title="Firewall (computing)" class="wl">Firewall</a></li>
<li><a href="/en/Intrusion_detection_system" title="Intrusion detection system" class="wl">Intrusion detection system</a>
<ul><li><a href="/en/Host-based_intrusion_detection_system" title="Host-based intrusion detection system" class="wl">Host-based intrusion detection system</a> (HIDS)</li>
<li><a href="/en/Anomaly_detection" title="Anomaly detection" class="wl">Anomaly detection</a></li></ul></li>
<li><a href="/en/Security_information_and_event_management" title="Security information and event management" class="wl">Security information and event management</a> (SIEM)</li>
<li><a href="/en/Mobile_secure_gateway" title="Mobile secure gateway" class="wl">Mobile secure gateway</a></li>
<li><a href="/en/Runtime_application_self-protection" title="Runtime application self-protection" class="wl">Runtime application self-protection</a></li></ul></td>
</tr><tr><td class="sidebar-navbar"><style data-mw-deduplicate="TemplateStyles:r1063604349" typeof="mw:Extension/templatestyles">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/en/Template:Information_security" title="Template:Information security" class="wl"><abbr>v</abbr></a></li><li class="nv-talk"><a href="/en/Template_talk:Information_security" title="Template talk:Information security" class="wl"><abbr>t</abbr></a></li><li class="nv-edit"><a rel="mw:ExtLink" href="//en.wikipedia.org/w/index.php?title=Template:Information_security&amp;action=edit" class="external text" target="_blank"><abbr>e</abbr></a></li></ul></div></td></tr></tbody></table>



A web application firewall is a specific form of application firewall that filters, monitors, and blocks HTTP traffic to and from a  web service. By inspecting HTTP traffic, it can prevent attacks exploiting a web application's known vulnerabilities, such as SQL injection, cross-site scripting , file inclusion, and improper system configuration. 