A web application firewall (WAF) is generally hardware and/or software that resides between a web client and a web server. A web application firewall applies a set of rules to hypertext transfer protocol (HTTP) conversations. Generally, the rules applied by the WAF aim to prevent common attacks such as cross-site scripting (XSS) and structured query language (SQL) injection. These rules can be customized for a specific web application to identify and block attacks against it, or to specify the criteria that particular inputs must satisfy and to block any input that does not. However, the effort required to perform this customization can be significant, and the effort required to maintain it can also be significant, especially when the web application is modified.
For example, some conventional WAFs that are located within a web server perform web content filtering based on rules that are expressed as regular expressions. Creating and maintaining such rules can be time consuming (i.e., expensive), especially if the rule writer must guess the names and allowable values of each of the fields on each page/form of the web application.
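The following is an added illustration of the kind of per-page, regular-expression rule set described above; it is not code from this document or from any WAF product. The rule table, page paths and field names are constructed for the example. A request is allowed only if every submitted field has a rule for that page and every value matches its allow-list pattern; the `missing_rules` helper shows the maintenance burden the text refers to, by listing fields seen in traffic for which no rule has yet been written (for instance after the application is modified).

```python
import re
from urllib.parse import parse_qs

# Constructed rule set: page path -> {field name: allow-list regular expression}.
# A positive-security rule set like this must name every field and describe
# its allowable values, which is the customization effort discussed above.
RULES = {
    "/login": {
        "username": re.compile(r"[A-Za-z0-9_.-]{3,32}"),
        "password": re.compile(r"[^\x00-\x1f]{8,128}"),
    },
    "/search": {
        "q": re.compile(r"[\w \-]{1,64}"),
        "page": re.compile(r"\d{1,3}"),
    },
}


def check_request(path, query_string, rules=RULES):
    """Apply the per-page rules to one request.

    Returns (allowed, reasons). A request is blocked when the page has no
    rules, when a submitted field has no rule, or when a value does not fully
    match its pattern. `reasons` explains each block for logging.
    """
    reasons = []
    page_rules = rules.get(path)
    if page_rules is None:
        return False, [f"no rules defined for page {path}"]
    params = parse_qs(query_string, keep_blank_values=True)
    for name, values in params.items():
        rule = page_rules.get(name)
        if rule is None:
            reasons.append(f"unknown field {name!r} on {path}")
            continue
        for value in values:
            # fullmatch anchors the pattern to the whole value, so partial
            # matches (e.g. digits followed by a payload) are rejected.
            if not rule.fullmatch(value):
                reasons.append(f"field {name!r} rejected value {value!r}")
    return (not reasons), reasons


def missing_rules(observed, rules=RULES):
    """List (path, field) pairs seen in traffic that have no rule.

    `observed` is an iterable of (path, field_name) pairs, e.g. collected from
    request logs. Each returned pair is a rule the maintainer still has to
    write, which is where the guessing described in the text comes from.
    """
    missing = set()
    for path, field in observed:
        if field not in rules.get(path, {}):
            missing.add((path, field))
    return sorted(missing)


if __name__ == "__main__":
    print(check_request("/search", "q=firewall+rules&page=2"))
    print(check_request("/search", "q=%27+OR+1%3D1--&page=2"))
    # After the application adds a "sort" field, it is blocked until a rule exists.
    print(check_request("/search", "q=firewall&sort=asc"))
    print(missing_rules([("/search", "q"), ("/search", "sort"), ("/login", "remember")]))
```

Because the table is keyed by page and field, every change to the application (a renamed field, a new form) surfaces as an "unknown field" block until the rule set is updated, which is exactly the maintenance cost the passage describes.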