Akamai：2025年从WAF到WAAP：全栈应用与API安全解决方案白皮书（英文版）

A traditional WAF sits in the middle of the traffic flow between end users and a web application. The WAF inspects unencrypted or encrypted HTTP traffic passing through it for any attacks as defined by a list of rules. Most WAFs rely on a predefined list of rules to identify malicious HTTP requests interspersed with legitimate HTTP traffic to guard against thousands of potential known exploits. In addition, new attack vectors or additional permutations of existing ones continuously evolve and