How does a Web Application Firewall work?
A web application firewall (WAF) protects web applications by monitoring, filtering, and blocking malicious HTTP/S traffic on its way to the application; most WAFs can also inspect responses to stop sensitive data from leaving it. It does this through a set of policies, which are simply the rules the WAF applies to each request. These policies help shield application vulnerabilities by distinguishing malicious traffic from legitimate traffic and dropping the malicious part. A WAF is a compensating control rather than a fix: pattern-based rules can be evaded with encoding or obfuscation, so the vulnerability behind the rule still needs to be patched in the application itself.
Just as a forward proxy sits between clients and the internet and shields the client's identity, a WAF sits in front of the application as a reverse proxy: it is also an intermediary, but it shields the application's web server from potentially malicious clients. WAFs come in different forms, such as a hardware appliance, a software module, or a cloud-delivered service. Much of a WAF's value comes from the ease and speed with which policies can be changed, allowing a faster response to new attack vectors; for example, rate limiting can be switched on during an application-layer DDoS attack by modifying WAF policies (volumetric floods that saturate the network link need mitigation upstream of the WAF).
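To make the policy evaluation concrete, here is a small rule-based filter that models what a WAF does to each request before deciding whether to forward it to the application. It is an added example written for this page, not the engine of any WAF product. Everything in it is an assumption for illustration: requests are represented as a small dict, the policy is a handful of deliberately narrow regexes (a real ruleset such as the OWASP Core Rule Set is far broader), the rate limiter is a fixed window keyed by client IP, and the sample traffic is constructed rather than captured.

```python
"""
Minimal rule-based WAF filter: policy matching plus per-IP rate limiting.
Example code written for this page, not any product's engine. Request
model, rules, limiter design and sample traffic are all assumptions.
"""
import re
import time
from collections import defaultdict
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Policy: named rules, each a compiled pattern tested against decoded
# request fields. These are narrow illustrations, not a production ruleset.
RULES = [
    ("sqli-tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I)),
    ("sqli-union",     re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.I)),
    ("xss-script-tag", re.compile(r"<\s*script\b", re.I)),
    ("path-traversal", re.compile(r"(^|[\\/])\.\.([\\/]|$)")),
]


def normalize(value: str) -> str:
    """URL-decode repeatedly (at most 3 rounds) so that double encoding such
    as %2527 does not slip past the patterns. A WAF that matches only on the
    raw bytes is trivially bypassed by encoding the payload once more."""
    for _ in range(3):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def inspect(request: dict) -> list:
    """Return the names of all rules matched by any inspectable field:
    URL path, each query value, header values and the body if present."""
    url = urlsplit(request["path"])
    fields = [url.path]
    fields += [v for _, v in parse_qsl(url.query, keep_blank_values=True)]
    fields += list(request.get("headers", {}).values())
    if request.get("body"):
        fields.append(request["body"])
    hits = []
    for name, pattern in RULES:
        if any(pattern.search(normalize(f)) for f in fields):
            hits.append(name)
    return hits


class RateLimiter:
    """Fixed-window limiter keyed by client IP: the kind of policy an
    operator tightens during an application-layer flood."""

    def __init__(self, limit: int, window_s: float):
        self.limit, self.window_s = limit, window_s
        # ip -> [window_start, request_count]
        self.buckets = defaultdict(lambda: [0.0, 0])

    def allow(self, ip: str, now: float) -> bool:
        start, count = self.buckets[ip]
        if now - start >= self.window_s:      # window expired: start a new one
            self.buckets[ip] = [now, 1]
            return True
        if count >= self.limit:               # quota for this window used up
            return False
        self.buckets[ip][1] = count + 1
        return True


def decide(request: dict, limiter: RateLimiter, now: float) -> tuple:
    """Verdict for one request: ('forward', []) or ('block', [reasons]).
    The rate limit is checked first, so a flooding client never reaches
    the (more expensive) rule matching."""
    if not limiter.allow(request["ip"], now):
        return ("block", ["rate-limit"])
    hits = inspect(request)
    return ("block", hits) if hits else ("forward", [])


# Constructed sample traffic (not captured from any real system).
SAMPLES = [
    {"ip": "203.0.113.10", "path": "/search?q=laptops", "headers": {}},
    {"ip": "203.0.113.10", "path": "/login?user=admin%27%20OR%201%3D1--", "headers": {}},
    {"ip": "203.0.113.10", "path": "/view?file=..%252f..%252fetc%252fpasswd", "headers": {}},
    {"ip": "203.0.113.10", "path": "/comment", "headers": {},
     "body": "text=<script>alert(1)</script>"},
]

if __name__ == "__main__":
    limiter = RateLimiter(limit=100, window_s=60)
    for req in SAMPLES:
        print(req["path"], "->", decide(req, limiter, time.time()))
```

The third sample is the one worth studying: the traversal payload is double-encoded, so a filter that inspected the raw query string would see `..%252f` and forward it, while the application server, after its own decoding, would see `../`. Decoding before matching is the difference between a policy that works and one that only looks like it works.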