Web Application Firewall (WAF) is an application firewall for HTTP applications by applying a set of rules to an HTTP conversation. A WAF acts as a shield for web applications- placed between the web application and the Internet. The tool protects the server from exposure by having clients pass through the WAF before reaching the server.