General information about Web Application Facility Protection (WAF)

Last update: October 23 2025

WAF (Web Application Firewall) is a class of solutions that secure a web application at the L7 level, protecting a site or application from targeted attacks.

A targeted attack is an attack on your website or application to steal sensitive data, gain access to internal systems, cause reputational damage, or disrupt your application.Targeted attacks are often disguised as normal user traffic.

Services available at Selectel include:

• WAF Curator;
• Protect your site with StormWall's WAF.

Principle of operation

Traffic that has been cleaned by DDoS protection filtering nodes is redirected to the WAF.The WAF analyzes HTTP and HTTPS traffic and applies filtering rules to clean traffic from malicious requests.

WAF works based on machine learning algorithms.There is a mandatory training and monitoring period that lasts about two to three weeks.The length of the training period depends on the volume of incoming traffic.During the training period, WAF analyzes the traffic directed to your application and learns how to protect your application.For training, it uses:

• Behavioral Analysis — WAF studies user behavior and learns to recognize abnormal behavior;
• Signature analysis — WAF matches traffic to known types of attacks.

In this way, a list of filtering rules is generated and the accuracy of blocking attacks is improved.After training is completed, the WAF can start actively blocking attacks.

Limitations

WAF analyzes traffic that has already been cleansed from attacks, so the service can only be activated in addition to application-level DDoS protection (L7).For more information on how DDoS protection works, see the General information about DDoS protection.