Advanced Web Application Firewall (WAF)

Protect your apps, APIs, and data against the most prevalent cyberattacks—zero-day vulnerabilities, app-layer DoS attacks, threat campaigns, application takeover, and bots.

Attacks on apps are the leading cause of breaches; apps are the gateway to your valuable data. With the right WAF in place, you can block the array of attacks that aim to exfiltrate that data by compromising your systems.

How does a web application firewall (WAF) work?

A WAF protects your web apps by filtering, monitoring, and blocking malicious HTTP/S traffic traveling to the web application, and it prevents unauthorized data from leaving the app. It does this by adhering to a set of policies that help determine what traffic is malicious and what traffic is safe. Just as a proxy server acts as an intermediary to protect the identity of a client, a WAF operates in a similar fashion but in reverse: as a reverse proxy, it acts as an intermediary that protects the web app server from a potentially malicious client.


WAFs can come in the form of software or an appliance, or be delivered as a service. Policies can be customized to meet the unique needs of your web application or set of web applications. Although many WAFs require you to update the policies regularly to address new vulnerabilities, advances in machine learning enable some WAFs to update automatically. This automation is becoming more critical as the threat landscape continues to grow in complexity and ambiguity.

The difference between a web application firewall (WAF), an intrusion prevention system (IPS) and a next-generation firewall (NGFW)

An IPS is an intrusion prevention system, a WAF is a web application firewall, and an NGFW is a next-generation firewall. What’s the difference between them all? 

An IPS is a more broadly focused security product. It is typically signature and policy based, meaning it can check for well-known vulnerabilities and attack vectors based on a signature database and established policies. The IPS establishes a standard based on the database and policies, then sends alerts when any traffic deviates from the standard. The signatures and policies grow over time as new vulnerabilities become known. In general, an IPS protects traffic across a range of protocol types such as DNS, SMTP, TELNET, RDP, SSH, and FTP. An IPS typically operates at and protects layers 3 and 4 (the network and session layers), although some may offer limited protection at the application layer (layer 7).

A web application firewall (WAF) protects the application layer and is specifically designed to analyze each HTTP/S request at the application layer. It is typically user, session, and application aware, cognizant of the web apps behind it and what services they offer. Because of this, you can think of a WAF as the intermediary between the user and the app itself, analyzing all communications before they reach the app or the user. Traditional WAFs ensure only allowed actions (based on security policy) can be performed. For many organizations, WAFs are a trusted first line of defense for applications, especially to protect against the OWASP Top 10, the foundational list of the most commonly seen application vulnerabilities.
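The allow-list behaviour described above ("only allowed actions ... can be performed"), as an added example that is not F5's code or policy format: a minimal application-aware check in Python that blocks anything the app does not offer, rather than matching known-bad signatures. The paths, parameters and patterns in `POLICY` and the requests in `SAMPLES` are hypothetical and constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Hypothetical policy for a constructed app: per path, the methods and
# parameters the app actually offers, with a pattern for each value.
POLICY = {
    "/login": {"methods": {"POST"},
               "params": {"user": r"[A-Za-z0-9_.-]{1,32}", "password": r".{8,128}"}},
    "/search": {"methods": {"GET"},
                "params": {"q": r"[\w .,-]{1,64}", "page": r"\d{1,4}"}},
}

def evaluate(method, target, body=""):
    """Return ("allow" | "block", reason) for one parsed HTTP request."""
    url = urlsplit(target)
    rule = POLICY.get(url.path)
    if rule is None:
        return ("block", "path not offered by the app")
    if method not in rule["methods"]:
        return ("block", f"method {method} not allowed")
    # Query-string and form-body parameters are checked against the same rule.
    pairs = parse_qsl(url.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    seen = set()
    for name, value in pairs:
        pattern = rule["params"].get(name)
        if pattern is None:
            return ("block", f"unexpected parameter {name!r}")
        if name in seen:  # repeated names are ambiguous to the backend
            return ("block", f"duplicate parameter {name!r}")
        seen.add(name)
        if not re.fullmatch(pattern, value):
            return ("block", f"value of {name!r} violates policy")
    return ("allow", "matches policy")

# Constructed sample requests: (method, request target, form body).
SAMPLES = [
    ("GET", "/search?q=blue+shoes&page=2", ""),
    ("GET", "/search?q=shoes&debug=1", ""),
    ("DELETE", "/search?q=shoes", ""),
    ("GET", "/admin", ""),
    ("GET", "/search?page=1&page=2", ""),
    ("POST", "/login", "user=alice&password=" + "x" * 200),
]

if __name__ == "__main__":
    for method, target, body in SAMPLES:
        print(method, target[:40], "->", *evaluate(method, target, body))
```

Only the first sample is allowed; each of the others is blocked for a different policy reason, none of which depends on a signature of a known attack.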

A next-generation firewall (NGFW) monitors the traffic going out to the Internet across web sites, email accounts, and SaaS. Simply put, it protects the user (rather than the web application). An NGFW enforces user-based policies and adds context to security policies, in addition to adding features such as URL filtering, anti-virus/anti-malware, and potentially its own intrusion prevention system (IPS).

While a WAF is typically a reverse proxy (used by servers), NGFWs are often forward proxies (used by clients such as a browser).

Learn the benefits of F5 WAF

Advanced application protection

Advanced WAF combines machine learning, threat intelligence, and deep application expertise.

Defenses for the OWASP Top 10

Defends critical apps from today’s biggest security concerns, the OWASP Top 10 vulnerabilities.

Security as code

Declarative API-based deployment and configuration enables delivering security as code.

In-browser data encryption

Encrypts data at the app layer to protect against data-extracting malware and man-in-the-browser attacks.

Behavioral DoS

Behavioral analytics and machine learning provide highly accurate L7 DoS detection and mitigation.

API protocol security

Deploys tools that secure GraphQL, REST/JSON, XML, and GWT APIs.

Stolen credential protection

Protects against brute-force attacks that use stolen credentials.

Proactive bot defense

Protects apps from automated attacks by bots and other malicious tools.


Protect against the most prevalent attacks on your apps, without having to update the apps themselves.

Automated attacks and bots

Automated attacks and bots can overwhelm application resources.

Application-layer attacks

Application-layer attacks can evade signature and reputation-based security solutions.

Credential theft

Attacks that steal application credentials or take advantage of compromised accounts.

Web app and API attacks

New attack surfaces and threats due to the rapid adoption of APIs.

Attacks on mobile clients

Bots that target browser-based and mobile clients.

Targeted attack campaigns

Active attack campaigns are difficult to detect from individual attacks alone.


Analyze, troubleshoot, auto-scale and control every app, service and F5 device (virtual and physical) in any environment—all from a centralized, role-specific single pane of glass.
