[{"data":1,"prerenderedAt":79},["ShallowReactive",2],{"term-w\u002Fweb-application-firewall":3,"related-w\u002Fweb-application-firewall":61},{"id":4,"title":5,"acronym":6,"body":7,"category":40,"description":41,"difficulty":42,"extension":43,"letter":44,"meta":45,"navigation":46,"path":47,"related":48,"seo":54,"sitemap":55,"stem":58,"subcategory":59,"__hash__":60},"terms\u002Fterms\u002Fw\u002Fweb-application-firewall.md","Web Application Firewall","WAF",{"type":8,"value":9,"toc":33},"minimark",[10,15,19,23,26,30],[11,12,14],"h2",{"id":13},"eli5-the-vibe-check","ELI5 — The Vibe Check",[16,17,18],"p",{},"A WAF is a smart firewall that understands web traffic. A regular firewall just checks ports; a WAF actually reads HTTP requests and blocks things that look like SQL injection, XSS, or other attacks. It's the security guard who reads the package contents, not just the address on the box.",[11,20,22],{"id":21},"real-talk","Real Talk",[16,24,25],{},"A WAF (Web Application Firewall) filters and monitors HTTP\u002FHTTPS traffic at the application layer (L7). It uses signatures, rules, and behavioral analysis to detect and block web attacks like SQLi, XSS, CSRF, and DDoS. Common WAFs: Cloudflare, AWS WAF, ModSecurity.",[11,27,29],{"id":28},"when-youll-hear-this","When You'll Hear This",[16,31,32],{},"\"Put the API behind a WAF before launch.\" \u002F \"The WAF blocked 10,000 SQLi attempts last night.\"",{"title":34,"searchDepth":35,"depth":35,"links":36},"",2,[37,38,39],{"id":13,"depth":35,"text":14},{"id":21,"depth":35,"text":22},{"id":28,"depth":35,"text":29},"security","A WAF is a smart firewall that understands web traffic.","intermediate","md","w",{},true,"\u002Fterms\u002Fw\u002Fweb-application-firewall",[49,50,51,52,53],"Firewall","XSS","SQL Injection","DDoS","OWASP Top 10",{"title":5,"description":41},{"changefreq":56,"priority":57},"weekly",0.7,"terms\u002Fw\u002Fweb-application-firewall",null,"8HH_LBQIrdDno9NV5D0v_6Eb7j8p5dkWiQ0Kc4mjYvM",[62,66,70,73,76],{"title":52,"path":63,"acronym":52,"category":40,"difficulty":64,"description":65},"\u002Fterms\u002Fd\u002Fddos","beginner","DDoS (Distributed Denial of Service) is when thousands of computers flood your server with so much fake traffic that it can't handle real users.",{"title":49,"path":67,"acronym":59,"category":68,"difficulty":64,"description":69},"\u002Fterms\u002Ff\u002Ffirewall","networking","A firewall is the bouncer at your network's door. It checks every incoming and outgoing connection against a list of rules and blocks anything suspicious.",{"title":53,"path":71,"acronym":59,"category":40,"difficulty":64,"description":72},"\u002Fterms\u002Fo\u002Fowasp-top-10","The OWASP Top 10 is the security industry's greatest hits of web vulnerabilities — the 10 most common, dangerous ways apps get hacked.",{"title":51,"path":74,"acronym":59,"category":40,"difficulty":42,"description":75},"\u002Fterms\u002Fs\u002Fsql-injection","SQL injection is when a hacker types SQL code into a text field instead of normal text, and your stupid database runs it.",{"title":50,"path":77,"acronym":50,"category":40,"difficulty":42,"description":78},"\u002Fterms\u002Fx\u002Fxss","XSS stands for Cross-Site Scripting. Hackers inject their own JavaScript into your site so when other users visit, the evil script runs in their browser.",1776518257551]