Web Application Firewalls, or WAFs, are a brilliant concept. In essence, they are pretty much what they say on the tin: A firewall for a web application – monitoring web traffic for a given web application, and deciding on whether to allow or deny specific requests.

The first thing that came to mind was protecting internal IIS web servers which have to accept potentially dirty external traffic from the Interwebs; Outlook Web Access, for example.

For more information, InformIT has a nice overview of WAFs.