# What Is a WAF?

A **Web Application Firewall (WAF)** is a security solution designed to **protect web applications and APIs** by monitoring, filtering, and blocking malicious HTTP/HTTPS traffic before it reaches the origin server.

Unlike traditional network firewalls that operate at the network or transport layer (L3/L4), a WAF works at the **application layer (Layer 7)** and understands web-specific protocols, requests, and behaviors.

In short:\
👉 **WAF sits in front of your web application and acts as a security gatekeeper.**

***

### Why Do You Need a WAF?

Modern web applications are exposed to many threats such as:

* SQL Injection (SQLi)
* Cross-Site Scripting (XSS)
* Remote Code Execution (RCE)
* File Inclusion (LFI/RFI)
* Bot abuse, scraping, and credential stuffing
* DDoS attacks at the application layer

A WAF helps you:

* Protect applications without changing source code
* Reduce security risks and data breaches
* Meet compliance requirements (e.g. PCI-DSS, security regulations)
* Improve overall application availability and reliability

### How a WAF Works

Typical traffic flow:

```
Client  →  WAF  →  Web Application (Origin Server)
```

1. A client sends an HTTP/HTTPS request.
2. The WAF inspects the request in real time.
3. Security rules and detection engines analyze the request.
4. Based on the result, the WAF:
   * **Allows** the request
   * **Blocks** the request
   * **Challenges** the request (CAPTCHA, verification)
   * **Logs** the request for monitoring and auditing
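The four-step flow above, written out as a small inspection engine. This is an added illustration, not VNG Cloud code: the `Request` shape, the handful of signature rules, the rule names and the "strictest action wins" merge policy are all assumptions made for the example. Each rule is applied to every request component a real WAF would inspect (path, query parameters, headers, body), and the engine returns one of the four actions together with an audit trail suitable for the logging step.

```python
"""Toy WAF request-inspection pipeline (added illustration; not VNG Cloud code).

A request arrives, rules inspect every field in real time, and the engine
returns ALLOW, BLOCK, CHALLENGE or LOG plus an audit trail. The Request shape,
rule names and signatures are assumptions for this example only.
"""
import re
from dataclasses import dataclass, field
from enum import Enum
from urllib.parse import parse_qs, unquote_plus


class Action(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    CHALLENGE = "challenge"
    LOG = "log"


@dataclass
class Request:
    method: str
    path: str
    query: str = ""
    headers: dict = field(default_factory=dict)
    body: str = ""


@dataclass
class Rule:
    name: str
    pattern: re.Pattern
    action: Action


# Illustrative signatures only (assumed and deliberately small); a production
# WAF ships far more rules plus behaviour-based detection.
RULES = [
    Rule("sqli-tautology", re.compile(r"'\s*or\s+\d+\s*=\s*\d+", re.I), Action.BLOCK),
    Rule("xss-script-tag", re.compile(r"<\s*script\b", re.I), Action.BLOCK),
    Rule("lfi-traversal", re.compile(r"(\.\./){2,}"), Action.BLOCK),
    # Automation signatures get a CAPTCHA challenge rather than a hard block.
    Rule("suspicious-ua", re.compile(r"^(curl|python-requests)/", re.I), Action.CHALLENGE),
    # A monitoring rule: the request is allowed but recorded for auditing.
    Rule("admin-path", re.compile(r"^/admin(/|$)"), Action.LOG),
]

# When several rules match, the strictest action wins.
_SEVERITY = {Action.ALLOW: 0, Action.LOG: 1, Action.CHALLENGE: 2, Action.BLOCK: 3}


def inspect_fields(req: Request) -> list[tuple[str, str]]:
    """Flatten every request component a rule may match on into (field, value) pairs."""
    fields = [("path", unquote_plus(req.path)), ("body", unquote_plus(req.body))]
    for key, values in parse_qs(req.query, keep_blank_values=True).items():
        fields += [(f"query:{key}", v) for v in values]
    fields += [(f"header:{k.lower()}", v) for k, v in req.headers.items()]
    return fields


def evaluate(req: Request, rules=RULES) -> tuple[Action, list[dict]]:
    """Run every rule over every field; return the final action and an audit trail."""
    matches = []
    for rule in rules:
        for field_name, value in inspect_fields(req):
            if rule.pattern.search(value):
                matches.append({"rule": rule.name, "field": field_name,
                                "action": rule.action.value})
    if not matches:
        return Action.ALLOW, matches
    final = max((Action(m["action"]) for m in matches), key=_SEVERITY.get)
    return final, matches


if __name__ == "__main__":
    # Constructed sample traffic.
    samples = [
        Request("GET", "/products", "id=42"),
        Request("GET", "/products", "id=1'%20OR%201=1"),
        Request("POST", "/comment", body="text=hello<script>x</script>"),
        Request("GET", "/", headers={"User-Agent": "curl/8.0"}),
        Request("GET", "/admin/users"),
    ]
    for s in samples:
        action, trail = evaluate(s)
        print(f"{s.method} {s.path}?{s.query} -> {action.value} {trail}")
```

Two details worth noting: the engine URL-decodes the path and body before matching, since encoded payloads are the usual way to slip past naive string checks, and the audit trail records which field each rule fired on, which is exactly the "rule, source IP, payload, action" detail the logging capability below refers to.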

### Key Capabilities of a WAF

#### 1. Attack Protection

* OWASP Top 10 protection
* Zero-day and unknown attack pattern detection (behavior-based)
* Protocol and request validation

#### 2. Access Control

* IP allowlist / denylist
* Geo-based access control
* Rate limiting by IP, URL, or user behavior

#### 3. Bot Management

* Detect and mitigate malicious bots
* Allow legitimate bots (search engines, monitoring tools)
* Protect login pages and APIs from brute-force attacks

#### 4. Traffic Visibility & Logging

* Real-time request and attack logs
* Detailed attack information (rule, source IP, payload, action)
* Traffic statistics and trends

#### 5. Custom Rules

* Create allow, deny, or monitoring rules
* Match by URL, method, headers, parameters, body
* Flexible rule priority and scope
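The access-control and custom-rule capabilities above, as an added working example that is not VNG Cloud code. It combines an IP allowlist and denylist, a geo-based deny, a sliding-window rate limit on a login URL, and custom allow/deny/monitor rules matched by URL prefix, method and request attributes, evaluated in priority order with the first terminating match deciding. The rule names, thresholds, the request dictionary shape and the tiny geo lookup table are all assumptions; a real WAF uses a GeoIP database and persistent counters.

```python
"""Toy access-control layer (added illustration; not VNG Cloud code).

IP allow/deny lists, a geo rule, a per-IP sliding-window rate limit and custom
rules with priority and URL scope. Names, thresholds and the geo table are
assumptions; requests are plain dicts with ip, method, path and time keys.
"""
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass, field
from typing import Callable

# Assumed geo lookup (TEST-NET-3 mapped to a placeholder country code).
GEO_DB = {ipaddress.ip_network("203.0.113.0/24"): "XX"}


def country_of(ip: str) -> str:
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_DB.items() if addr in net), "??")


def in_any(ip: str, nets) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


class RateLimiter:
    """Sliding window: at most `limit` requests per `window` seconds per key."""

    def __init__(self, limit: int, window: float):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key: str, now: float) -> bool:
        q = self.hits[key]
        while q and now - q[0] >= self.window:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


@dataclass(order=True)
class Rule:
    priority: int                     # lower number is evaluated first
    name: str
    action: str                       # "allow" | "deny" | "monitor"
    scope: str = "/"                  # URL prefix the rule applies to
    match: Callable[[dict], bool] = field(default=lambda r: True, compare=False)


ALLOWLIST = {ipaddress.ip_network("198.51.100.10/32")}   # constructed
DENYLIST = {ipaddress.ip_network("192.0.2.0/24")}         # constructed
login_limiter = RateLimiter(limit=5, window=60)

RULES = sorted([
    Rule(5, "monitor-admin", "monitor", scope="/admin"),
    Rule(10, "ip-allowlist", "allow", match=lambda r: in_any(r["ip"], ALLOWLIST)),
    Rule(20, "ip-denylist", "deny", match=lambda r: in_any(r["ip"], DENYLIST)),
    Rule(30, "geo-block", "deny", match=lambda r: country_of(r["ip"]) == "XX"),
    Rule(40, "login-rate-limit", "deny", scope="/login",
         match=lambda r: r["method"] == "POST"
         and not login_limiter.allow(r["ip"], r["time"])),
    Rule(50, "no-trace", "deny", match=lambda r: r["method"] == "TRACE"),
])


def decide(req: dict, rules=RULES) -> tuple[str, str, list[str]]:
    """Return (action, deciding rule, monitor rules that fired).

    Monitor rules log and keep evaluating; the first allow/deny match ends it.
    """
    monitored = []
    for rule in rules:
        if not (req["path"].startswith(rule.scope) and rule.match(req)):
            continue
        if rule.action == "monitor":
            monitored.append(rule.name)
            continue
        return rule.action, rule.name, monitored
    return "allow", "default", monitored


if __name__ == "__main__":
    # Constructed sample traffic: six login attempts in five seconds from one IP.
    for t in range(6):
        print(t, decide({"ip": "198.51.100.77", "method": "POST", "path": "/login", "time": t}))
    print(decide({"ip": "192.0.2.7", "method": "GET", "path": "/", "time": 0}))
    print(decide({"ip": "198.51.100.10", "method": "GET", "path": "/admin", "time": 0}))
```

The allowlist sits above the denylist and geo rule on purpose: a trusted source should never be caught by a broad country block, and the priority number makes that ordering explicit rather than dependent on list position. The monitor rule has the lowest number so that it is always recorded before any terminating rule fires.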
