There are three different types of WAFs:
1. Hardware-based WAF: A hardware-based WAF is deployed through a hardware appliance, installed within the LAN close to the web and application servers. Hardware-based WAFs have fast speed and high performance. Due to their physical proximity to the server, they track and filter data packets to and from the website with very low latency. They are most suitable for large businesses.
2. Software-based WAF: Different from a hardware-based WAF, a software-based WAF is installed in a virtual machine instead of a physical hardware appliance. All the WAF components are essentially the same as a hardware WAF. The one difference is that users would need to have their own hypervisor to run the virtual machine. The biggest benefit of a software-based WAF is its flexibility. It can be used within an on-premises system, and can also be deployed in the cloud, connecting to cloud-based web and application servers. It is not as fast as a hardware-based WAF, since a higher latency is experienced during the monitoring and filtering process. Software-based WAFs are suitable for small and medium-sized organizations.
3. Cloud-based WAF: A cloud-based WAF is provided and managed directly by a service provider in the form of a SaaS. With a cloud-based WAF, the WAF components are entirely located in the cloud, so that the user does not need to install anything locally or in any virtual machines. Because these WAFs are cloud-based, they are very simple. The user does not need to install any software physically and only needs to enroll in a subscription plan. The user is not required to manage the WAF by themselves because the service provider is responsible for providing all the optimization and updates. However, the disadvantage is that there is not much room for customization, since the WAF is managed entirely by the service provider,