How does a WAF differ from traditional firewalls?

Traditional firewalls monitor and control network traffic based on predefined security rules, primarily at the network or transport layer (like IP, port numbers, and protocols). In contrast, a Web Application Firewall (WAF) filters and monitors HTTP/HTTPS traffic to and from a web application. Traditional firewalls protect against general threats at a network level, while WAFs protect against web application-specific attacks such as SQL injection, cross-site scripting (XSS), and other OWASP Top 10 vulnerabilities.