A web application firewall (WAF) filters, monitors, and blocks web traffic to and from a web application. A WAF differs from a regular firewall in that it can filter the content of specific web applications, while regular firewalls serve as a safety gate between servers. By inspecting the contents of web traffic, a WAF can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
GitLab's WAF comes with a default, out-of-the-box OWASP ruleset in detection-only mode.