LOGBOOK

HELP

Quiz Entry - updated: 2026.06.25

What is a Web Application Firewall (WAF), and where does it sit in a web architecture?

A filter placed at the edge between the public internet and the application server — it inspects incoming HTTP(S) requests and blocks malicious-looking ones (SQL injection, XSS, scanners) before they ever reach the app.

Where a network firewall works at the level of IP addresses and ports, a WAF understands HTTP itself — URLs, headers, parameters, request bodies — so it can spot application-layer attacks that a network firewall would wave straight through. Picture every request from outside funnelling through one gate in front of the app: benign traffic passes, requests matching attack patterns are dropped.

How it decides:

  • Rule/signature matching — against known-bad patterns (e.g. the OWASP Core Rule Set), catching common injection and scripting payloads.
  • Anomaly scoring / behaviour — flagging requests that deviate from normal use (odd parameter shapes, request floods).

Where it fits in defense in depth: the WAF is one outer layer in a layered design. On its own it is not a substitute for secure coding — it reduces exposure and buys time to patch, but a determined attacker can craft payloads that evade signatures. It belongs alongside the other measures in a hardened architecture: TLS for data in transit, encryption at rest, need-to-know permissions, separating the app from the database, and logging every connection so suspicious activity is visible.

Tip: Think of a WAF as a bouncer who reads what each visitor is trying to do, not just who they are — useful, but you still lock the doors inside (the application's own input validation and access checks).

From Quiz: ISF / Session Handling & Login Protocols | Updated: Jun 25, 2026