A Web Application Firewall (WAF) protects websites and applications from attackers who use protocol and application vulnerabilities to steal data, deny service (DDoS), or deface websites. This is done by inspecting HTTP traffic before it reaches your applications, and filtering out the threat before any damage can be dealt.