A Web Application Firewall (WAF) is a firewall that filters, monitors, and blocks HTTP/S
traffic to and from a web application.
A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications while regular firewalls serve as a safety gate between servers. A WAF has the ability to filter and monitor for specific web applications.
Through customized inspection, it can prevent attacks stemming from web application security flaws such as SQL injection, Cross-Site Scripting (XSS), Security Misconfiguration, etc.
WAF is also able to monitor traffic and detect patterns or anomalies.