Glossary

WAF

Web Application Firewall. A filtering layer placed in front of a web application that inspects HTTP traffic and blocks malicious requests.

Definition

WAFs apply rule sets (e.g., the OWASP Core Rule Set) plus custom site-specific rules to inbound HTTP requests, blocking patterns associated with SQL injection, command injection, file inclusion, and known exploit payloads. AWS WAF, Cloudflare, ModSecurity, and Azure Front Door WAF are common implementations.

WAF logs are a useful detection signal for cloud-relevant CVEs that exploit the web layer. CloudSigma generates WAF-log rules where the underlying CVE is exploited via HTTP, complementing the cloud-audit-log rules that detect post-exploitation activity in the cloud control plane.

Sources
  • OWASP Core Rule Set project, https://coreruleset.org/
  • AWS WAF docs, https://docs.aws.amazon.com/waf/
Last verified: 2026-04-24