A WAF, or web application firewall, protects web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It usually protects online applications from cross-site forgery, cross-site scripting (XSS), file inclusion, and SQL injection, among other things. A WAF is a protocol layer 7 protection (in the OSI model) and is not intended to fight against all forms of attacks.

A web application firewall (WAF) is an application firewall for HTTP applications. It runs an HTTP interaction through a set of rules. In general, these rules cover typical vulnerabilities like cross-site scripting (XSS) and SQL injection. WAFs defend servers rather than clients, as proxies do. A WAF is used to safeguard a specific online application or set of web apps. A WAF can be thought of as a reverse proxy. WAFs can take the shape of an appliance, server plugin, or filter and can be tailored to a specific application. The effort required to accomplish this modification might be significant, and it must be maintained as the application is modified.

AWS WAF - Web Application Firewall:

AWS WAF is an online application firewall that protects your web applications from typical web exploits that could disrupt application availability, compromise security, or consume excessive resources. AWS WAF gives you control over which traffic to allow or prohibit to your online apps by establishing customizable web security rules. AWS WAF allows you to set custom rules that block typical attack types such as SQL injection or cross-site scripting, as well as rules tailored to your individual application. New rules may be deployed in minutes, allowing you to adapt swiftly to changing traffic patterns. AWS WAF also comes with a full-featured API for automating the generation, implementation, and management of web security rules. With AWS WAF, you just pay for what you use. AWS WAF cost is determined by the number of rules you deploy and the number of web requests received by your web application. There are no upfront commitments. AWS WAF can be deployed on either Amazon CloudFront as part of your CDN solution or the Application Load Balancer (ALB) that fronts your EC2 web servers or origin servers.

Benefits:

• Increased Protection Against Web Attacks

• Security Integrated with How You Develop Applications

• Ease of Deployment & Maintenance

• Improved Web Traffic Visibility

• Cost Effective Web Application Protection