Azure Web Application Firewall (WAF) protects web applications from common vulnerabilities and exploits at the application layer. It runs on Azure Application Gateway and Azure Front Door, using managed rule sets based on the OWASP Core Rule Set plus custom rules. Centralized protection at the edge lets organizations shield multiple applications from injection, cross-site scripting, and bot traffic.