WAF vs Firewall

We are not the same, bruhh.


Before we start on the differences, let's understand the WAF. WAF stands for Web Application Firewall, which operates as an application firewall for HTTPS applications. It applies a set of rules to an HTTP conversation, and because of these rules a WAF protects against XSS (cross-site scripting) and SQL injection.

A WAF is more focused on web applications. It is a firewall primarily used for protecting applications, from APIs to webhooks, by assessing what the traffic is trying to do and blocking it if necessary, especially if the actions in the traffic are deemed malicious.

General view of WAF


Let's look at the OSI model for both the WAF and the firewall


Now it’s time for the tabular comparison

| | WAF | Firewall |
|---|---|---|
| OSI Layer | Layer 3 to 7 | Layer 3 to 4 |
| Deployment Architecture | Reverse proxy | Layer 3 gateway |
| Access Control Granularity | Port, protocol, IP address | Port, protocol, IP address |
| Threat Detection / Prevention Technique | Signatures, protocol anomaly detection, app-specific anomaly detection | NA |
| Protocol Coverage | Web-centric: HTTP(S), XML, SOAP, SPDY | Any |
| DDoS Protection | Application layer | Network layer (basic) |
| Web Application Protection | Extensive, including full application layer coverage | Minimal |
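To make the table concrete, here is an added example in Python (not from the original post) that runs the same requests through a Layer 3/4 style check and a Layer 7 signature check. The rule lists, signatures, IP addresses and sample requests are all constructed for illustration and are far simpler than a real rule set.

```python
import re
from urllib.parse import unquote_plus

# Layer 3/4 firewall rules: decisions use only IP, protocol and port.
FIREWALL_ALLOW = {("tcp", 80), ("tcp", 443)}
FIREWALL_DENY_IPS = {"203.0.113.66"}  # constructed address (TEST-NET-3)

# Illustrative WAF signatures (assumption: a toy set, not a vendor rule set).
WAF_SIGNATURES = {
    "sqli": re.compile(r"""['"]\s*(?:or|and)\s+['"\w]+\s*=\s*['"\w]+|union\s+select""", re.I),
    "xss": re.compile(r"<\s*script\b|\bon(?:error|load|click)\s*=|javascript:", re.I),
}

def firewall_decision(src_ip, proto, dst_port):
    """Layer 3/4 check: never looks at the HTTP payload."""
    if src_ip in FIREWALL_DENY_IPS:
        return "deny"
    return "allow" if (proto, dst_port) in FIREWALL_ALLOW else "deny"

def waf_decision(query_string, body=""):
    """Layer 7 check: normalize the request, then match signatures."""
    # Decode twice so double-encoded input (e.g. %2527) is still inspected.
    text = unquote_plus(unquote_plus(query_string + "\n" + body))
    for name, signature in WAF_SIGNATURES.items():
        if signature.search(text):
            return "block:" + name
    return "pass"

# Constructed sample requests, all arriving on tcp/443.
SAMPLES = [
    ("198.51.100.10", "tcp", 443, "q=firewall+basics"),
    ("198.51.100.11", "tcp", 443, "id=1%27%20OR%20%271%27%3D%271"),
    ("198.51.100.12", "tcp", 443, "name=%3Cscript%3Ealert(1)%3C%2Fscript%3E"),
    ("203.0.113.66", "tcp", 443, "q=hello"),
]

def evaluate(samples=SAMPLES):
    """Return (firewall verdict, WAF verdict) for each sample request."""
    return [(firewall_decision(ip, proto, port), waf_decision(qs))
            for ip, proto, port, qs in samples]

if __name__ == "__main__":
    for sample, verdict in zip(SAMPLES, evaluate()):
        print(sample[0], sample[3], "->", verdict)
```

The firewall allows the second and third requests because their IP, protocol and port are acceptable; only the payload inspection flags them.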

Key Point Takeaways :-

Benefits of WAF

Keep learning, keep troubleshooting!