| Stage | Protect |
| Maturity | Minimal |
| Content Last Reviewed | 2020-10-26 |
A web application firewall (WAF) filters, monitors, and blocks web traffic to and from a web application. A WAF is differentiated from a regular firewall in that a WAF is able to filter the content of specific web applications, while regular firewalls serve as a safety gate between servers. By inspecting the contents of web traffic, it can prevent attacks stemming from web application security flaws, such as SQL injection, cross-site scripting (XSS), file inclusion, and security misconfigurations.
GitLab's WAF comes with a default out-of-the-box OWASP ruleset in detection only mode.
GitLab's WAF will be deprecated as of our %13.6 release and will be removed from the product in our %14.0 release. Please reference this issue for additional details.
