An application firewall for HTTP connection, it protects applications from various application-layer attacks such as cookie poisoning, cross-site scripting, etc. A WAF lies between external users and web applications to analyze all HTTP communications.