Where a WAF sits
A WAF usually sits in front of an application as an edge service, reverse proxy, ingress layer, or gateway component.
Common protections
- SQL injection and XSS detection
- Bot and brute-force controls
- Rate limiting
- Virtual patching and rule-based blocking
- API protection workflows