# What Is a WAF?

### What Is a WAF?

A **Web Application Firewall (WAF)** is a security solution designed to **protect web applications and APIs** by monitoring, filtering, and blocking malicious HTTP/HTTPS traffic before it reaches the origin server.

Unlike traditional network firewalls that operate at the network or transport layer (L3/L4), a WAF works at the **application layer (Layer 7)** and understands web-specific protocols, requests, and behaviors.

In short:\
👉 **WAF sits in front of your web application and acts as a security gatekeeper.**

***

### Why Do You Need a WAF?

Modern web applications are exposed to many threats such as:

* SQL Injection (SQLi)
* Cross-Site Scripting (XSS)
* Remote Code Execution (RCE)
* File Inclusion (LFI/RFI)
* Bot abuse, scraping, and credential stuffing
* DDoS attacks at the application layer

A WAF helps you:

* Protect applications without changing source code
* Reduce security risks and data breaches
* Meet compliance requirements (e.g. PCI-DSS, security regulations)
* Improve overall application availability and reliability

### How a WAF Works

Typical traffic flow:

```
Client  →  WAF  →  Web Application (Origin Server)
```

1\. A client sends an HTTP/HTTPS request

2\. The WAF inspects the request in real time

3\. Security rules and detection engines analyze the request

4\. Based on the result, the WAF:

* **Allows** the request
* **Blocks** the request
* **Challenges** the request (CAPTCHA, verification)
* **Logs** the request for monitoring and auditing

### Key Capabilities of a WAF

#### 1. Attack Protection

* OWASP Top 10 protection
* Zero-day and unknown attack pattern detection (behavior-based)
* Protocol and request validation

#### 2. Access Control

* IP allowlist / denylist
* Geo-based access control
* Rate limiting by IP, URL, or user behavior

#### 3. Bot Management

* Detect and mitigate malicious bots
* Allow legitimate bots (search engines, monitoring tools)
* Protect login pages and APIs from brute-force attacks

#### 4. Traffic Visibility & Logging

* Real-time request and attack logs
* Detailed attack details (rule, source IP, payload, action)
* Traffic statistics and trends

#### 5 Custom Rules

* Create allow, deny, or monitoring rules
* Match by URL, method, headers, parameters, body
* Flexible rule priority and scope


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.vngcloud.vn/vng-cloud-document/vwaf/what-is-a-waf.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.