Cloud based Web Application Firewalls
Introductory documentation on what WAF solutions are available in our public cloud providers
A web application firewall (WAF) filters, monitors, and blocks HTTP/S traffic to and from a web application or API. A WAF differs from a regular firewall in that it can filter the content of specific web applications, while regular firewalls serve as a safety gate between servers. By inspecting HTTP traffic, a WAF can prevent attacks stemming from web application security flaws, such as injection attacks, cross-site scripting (XSS), file inclusion, and security misconfigurations. A good list of the types of attacks that a WAF can help with can be found in the OWASP (Open Web Application Security Project) Top 10 list: https://owasp.org/www-project-top-ten/
Each of our cloud vendors has a WAF solution available to protect your assets in the cloud. Each has an associated pricing model, so please review it and how it will impact your cloud spend.
AWS WAF
AWS Documentation getting started: https://docs.aws.amazon.com/waf/latest/developerguide/getting-started.html
AWS WAF Implementation Guidelines: https://d1.awsstatic.com/whitepapers/guidelines-implementing-aws-waf.pdf
AWS WAF and blocking the OWASP top 10 attacks: https://d0.awsstatic.com/whitepapers/Security/aws-waf-owasp.pdf
Azure WAF
Azure WAF Documentation: https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
GCP WAF
GCP Cloud Armor (WAF and DDOS solution): https://cloud.google.com/armor/
If you have any questions, feedback or ideas please Contact Us