A filter that inspects HTTP requests as text and blocks those matching attack signatures or anomaly rules, with the key limitation that it sees raw bytes rather than how the application will parse...
Web Application Firewall (WAF) is a filter that inspects HTTP requests and responses and blocks those that look like attacks (XSS, SQL injection, path traversal, and similar). The defining trait, and its central limitation, is that a WAF matches on the request as text. It sees the raw bytes of the URL, headers, and body. It does not see how your application will parse, decode, and use them.
The engine normalizes the request (URL-decode, lowercase, strip whitespace) and then runs its rules against fields like the path, query string, cookies, and body. It has no view of application state: which user is logged in, whether an ID belongs to them, or what a value means once it reaches your code.
A request arrives:
GET /product?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1
The WAF URL-decodes the query into id=1' OR '1'='1. A CRS SQL-injection rule looks for a quote followed by a boolean operator and a comparison, roughly:
# Simplified ModSecurity-style rule
SecRule ARGS "@rx (?i:'\s+or\s+'?\d)" \
"id:942100,phase:2,deny,status:403,msg:'SQLi'"
The pattern matches the decoded ' OR '1, the rule fires in phase 2 (request body), and the WAF returns 403 before the request reaches the application.
# Reverse proxy (inline)
Client -> WAF -> Application Server
# Out-of-band (monitoring only)
Client -> Application Server
(mirror) -> WAF
# Cloud
Client -> Cloudflare / AWS WAF -> Application
Because the WAF matches bytes and the application parses them, any difference between the two creates a gap. The same payload can be encoded, split across parsers, or wrapped in a syntax the WAF normalizes differently from the app: double URL-encoding, mixed case, comment insertion in SQL, alternate JSON or multipart framing, HTTP request smuggling. If the WAF's decoded view of the request differs from what your code finally executes, the rule never matches the real attack. That parser-differential gap is the subject of WAF Bypass, and it is why a WAF is a layer in front of secure code, not a substitute for it. WAFs also cannot see authorization or business-logic flaws, which live entirely in application state.