OK, sure. The WAF does ingress filtering though. It's useful, and ingress filtering is what we were talking about.
In my architecture, the same services also perform egress filtering. It's also useful, but not the WAF or the topic of conversation.
I think people get upset about the term "WAF". It's just a new label for the longstanding practice of upper-layer ingress filtering (i.e. DPI and reverse-proxy filtering). But it's often a dedicated service now, so it needs a name of some kind.
A poorly-configured WAF breaks things, just like a poorly-configured (any other network service).
In my architecture, the same services also perform egress filtering. It's also useful, but not the WAF or the topic of conversation.
I think people get upset about the term "WAF". It's just a new label for the longstanding practice of upper-layer ingress filtering (i.e. DPI and reverse-proxy filtering). But it's often a dedicated service now, so it needs a name of some kind.
A poorly-configured WAF breaks things, just like a poorly-configured (any other network service).