A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection.
While proxies generally protect clients, WAFs protect servers. A WAF is deployed to protect a specific web application or set of web applications. A WAF can be considered a reverse proxy. WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application.
WAFs are deployed in front of web servers to protect web applications against external and internal attacks, to monitor and control access to web applications, and to collect access logs for compliance/auditing and analytics. WAFs are most often deployed in-line, as a reverse proxy, because historically that was the only way to perform some in-depth inspections.
Using Imperva WAF to Protect Web Applications
Imperva (IMPV) is an application and database security company. SecureSphere is Imperva's WAF appliance, and Incapsula is its cloud-based WAF, delivered as a service. The SecureSphere WAF is available as a physical or virtual appliance, and for AWS and Microsoft Azure. Two models of physical and virtual appliances are also available for dedicated management.