According to theCHFI v11 Web Application Forensics and WAF module, the primary function of aWeb Application Firewall (WAF)is toinspect, monitor, and filter HTTP/HTTPS trafficbetween a web application and its users. Unlike traditional network firewalls, which operate at the network or transport layer, WAFs function at theapplication layer (Layer 7)and are specifically designed to protect web applications from attacks such asSQL injection, Cross-Site Scripting (XSS), command injection, file inclusion, parameter tampering, and cookie poisoning.
WAFs such asModSecurityanalyze web requests and responses usingrule-based logic, signatures, anomaly detection, and behavioral analysis. CHFI v11 emphasizes that WAF logs are critical forensic artifacts, as they record blocked requests, rule violations, payload details, source IP addresses, timestamps, and attack patterns. These logs allow investigators to detect, reconstruct, and attribute web-based attacks during forensic investigations.
The other options do not describe the primary function of a WAF.Encryption of web trafficis handled by SSL/TLS, not WAFs.DDoS protectionis typically managed by network-level or cloud-based mitigation systems, although some WAFs may offer limited support.System log monitoringis the role of SIEM solutions, not WAFs.
Therefore, as defined in CHFI v11, the core purpose of a Web Application Firewall isinspecting and filtering HTTP traffic to protect web applications, makingOption Athe correct and verified answer.
