A web application firewall (WAF) protects an enterprise's web properties and enforces the security and privacy of its web applications.
Web application firewalls are protective devices placed inline between the user and the web server. The WAF analyzes HTTP traffic to decide whether it is legitimate and attempts to block web attacks (such as DDoS attacks). You could think of them as Intrusion Prevention Systems (IPS) for the web application.
A WAF operates at layer 7 of the OSI model, the application layer. Access control is implemented through access control lists (ACLs), whose rules allow or reject traffic. WAFs may come in the form of an appliance, server plugin, or filter, and may be customized to an application. The effort required for this customization can be significant, and the customization must be maintained as the application is modified.
Web application firewalls are still fairly rare to encounter when assessing an application, but being able to detect them is nonetheless very important.
Detecting whether an application firewall sits in front of an application is actually quite easy. If, throughout your testing, you keep getting kicked out, or the session times out when you issue an attack request, an application firewall is likely between you and the application. Another indication is when the web server does not respond the way it normally does to unusual requests but instead always returns the same type of error.
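As an added illustration (not code from the original page or from any real WAF product), here is a minimal inline layer-7 filter in Python: it parses a raw HTTP request, applies a constructed ACL-style rule list, and answers every rejection with the same 403 regardless of which rule fired, which is the uniform-error behaviour the detection paragraph above describes. The rule names, patterns and sample requests are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import unquote_plus

# Constructed ACL-style rule list (hypothetical; not a real product's ruleset).
# Each rule is (name, pattern) matched against the decoded request target and body.
BLOCK_RULES = [
    ("sqli_signature", re.compile(r"(--|/\*|\bunion\b.*\bselect\b)", re.I)),
    ("script_tag", re.compile(r"<\s*script", re.I)),
    ("path_traversal", re.compile(r"\.\./")),
]
ALLOWED_METHODS = {"GET", "POST", "HEAD"}

# One fixed reject response for every rule: the client cannot tell which rule fired.
UNIFORM_REJECT = b"HTTP/1.1 403 Forbidden\r\nContent-Length: 0\r\n\r\n"


@dataclass
class Decision:
    allowed: bool
    rule: Optional[str] = None   # rule name, for the WAF's own log only
    response: bytes = b""        # canned response sent to the client when blocked


def parse_request(raw: bytes):
    """Split a raw HTTP/1.1 request into (method, target, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, target, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return method, target, headers, body.decode("latin-1")


def inspect(raw: bytes) -> Decision:
    """Layer-7 ACL check: allow the request or return the uniform 403."""
    method, target, _headers, body = parse_request(raw)
    if method not in ALLOWED_METHODS:
        return Decision(False, "method_not_allowed", UNIFORM_REJECT)
    # Percent-decode first so an encoded payload is matched like a plain one.
    surface = unquote_plus(target) + "\n" + unquote_plus(body)
    for name, pattern in BLOCK_RULES:
        if pattern.search(surface):
            return Decision(False, name, UNIFORM_REJECT)
    return Decision(True)
```

In a real deployment the `rule` field would go to the WAF's log for the defenders, while only `response` reaches the client.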