Cybersecurity Glossary

What is WAF?

A WAF (Web Application Firewall) is a product that protects a server or web application from attacks.

To do this, the WAF is placed in front of the web server, where it directly receives the HTTP and HTTPS requests from the user. These requests are inspected for anomalies or attack patterns, such as SQL injections. If a request reaches a certain risk threshold, it is discarded and does not reach the original web server.
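The threshold-based inspection described above, as an added example that is not part of the original glossary and is not taken from any WAF product. The rule names, scores and `BLOCK_THRESHOLD` value are assumptions chosen for illustration, and the sample requests are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed, deliberately tiny rule set: (name, pattern, risk score).
RULES = [
    ("sqli_tautology", re.compile(r"'\s*or\s+\S+\s*=\s*\S+", re.I), 5),
    ("sqli_union_select", re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S), 5),
    ("sql_comment", re.compile(r"--|/\*"), 2),
    ("single_quote", re.compile(r"'"), 1),
]
BLOCK_THRESHOLD = 5  # assumed value; real deployments tune this per application


def inspect(target, body=""):
    """Score one request; return (score, matched rule names, decision)."""
    # parse_qsl percent-decodes, so rules see the values the application would see.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    params += parse_qsl(body, keep_blank_values=True)  # form-encoded body
    score, hits = 0, []
    for name, value in params:
        for rule, pattern, points in RULES:
            if pattern.search(value):
                score += points
                hits.append(f"{rule}:{name}")
    decision = "block" if score >= BLOCK_THRESHOLD else "forward"
    return score, hits, decision


# Constructed sample requests: (request target, form-encoded body).
SAMPLES = [
    ("/products?id=42&sort=price", ""),
    ("/search?q=O%27Brien", ""),                        # legitimate apostrophe
    ("/products?id=42%27%20OR%20%271%27%3D%271", ""),   # SQL injection pattern
    ("/login", "user=alice&pass=x%27+OR+%27a%27%3D%27a"),
]

if __name__ == "__main__":
    for target, body in SAMPLES:
        print(target, body, inspect(target, body))
```

The apostrophe in `O'Brien` scores 1 and is forwarded, while the requests matching an injection pattern score 6 and are discarded before reaching the web server.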

The WAF is used to provide greater protection for applications exposed to the Internet or untrusted networks, and is especially useful to protect against new vulnerabilities that cannot be corrected immediately.

Although its use is highly recommended, it should not be forgotten that sometimes it will only delay a real or automated attack, since a sophisticated attacker could evade this protection. For this reason, it is necessary to follow a defence-in-depth strategy: periodically auditing the security of web applications and correcting the vulnerabilities detected, as well as applying a security configuration (hardening) to the server.