A web application firewall (WAF) is an application firewall for HTTP applications. It applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks vectors. While proxies generally protect clients, WAFs protect servers. Hence, a WAF protects a specific web application or set of web applications. Engineers consider a WAF a reverse proxy. WAFs may come in different forms, and the effort to perform this customization can be significant and as the application changes.