A web application firewall (WAF) serves to monitor and filter HTTP traffic to and from a web application. Its primary function is to protect against various threats, including SQL injection and XSS (Cross-Site Scripting) attacks, by analyzing incoming requests and blocking malicious ones. By acting as a shield between the web application and external actors, a WAF enhances security and helps maintain application performance.