I recently learned about a kind of firewall designed to protect Web Applications: WAF (Web Application Firewall).
A WAF protects web applications from an attacker who sends requests over HTTP.
Malicious HTTP requests to the web app travel over valid TCP connections, so a network firewall would treat them as legitimate.
Indeed, a network firewall inspects only the lower layers of the network stack (layers 3 and 4 of the OSI model). A WAF, by contrast, works at the application layer.
A WAF can prevent many of the OWASP Top 10 attacks.
It is possible to design the web app with security in mind and protect it from attacks like SQL injection, cross-site scripting (XSS) or traffic floods.
However, many web apps (especially legacy systems) lack security support. In those cases, deploying a WAF that protects all of those applications is a wise solution.
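The layer difference described above, as an added example (not from the original post or the video): a layer 3/4 check that sees only protocol and port passes all three requests, while an application-layer check that parses the HTTP request and decodes its parameters flags the SQL injection and XSS ones. The signatures, host name and sample requests are constructed for illustration and are far smaller than a real WAF rule set.

```python
import re
from urllib.parse import urlsplit, parse_qsl

ALLOWED_DST_PORTS = {443}  # constructed layer-3/4 policy: HTTPS to the web server

# Illustrative signatures only (assumption: not taken from any real rule set).
SIGNATURES = {
    "sql_injection": re.compile(
        r"('|\")\s*(or|and)\s+[\w'\"]+\s*=\s*[\w'\"]+|union\s+select", re.I),
    "xss": re.compile(r"<\s*script\b|\bon\w+\s*=|javascript:", re.I),
}

def network_firewall_allows(proto, dst_port):
    """Layer 3/4 decision: protocol and port only, the HTTP payload is never read."""
    return proto == "tcp" and dst_port in ALLOWED_DST_PORTS

def waf_inspect(raw_request):
    """Layer 7 decision: parse the request and scan every decoded parameter."""
    head, _, body = raw_request.partition("\r\n\r\n")
    lines = head.split("\r\n")
    _method, target, _version = lines[0].split(" ", 2)
    headers = {k.lower(): v for k, v in
               (l.split(": ", 1) for l in lines[1:] if ": " in l)}
    # parse_qsl percent-decodes values, so encoded payloads are matched in clear.
    params = parse_qsl(urlsplit(target).query, keep_blank_values=True)
    if headers.get("content-type", "").startswith("application/x-www-form-urlencoded"):
        params += parse_qsl(body, keep_blank_values=True)
    return [(label, name) for name, value in params
            for label, pattern in SIGNATURES.items() if pattern.search(value)]

# Constructed sample requests (shop.example is a placeholder host).
BENIGN = "GET /items?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n"
SQLI = ("GET /items?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1\r\n"
        "Host: shop.example\r\n\r\n")
XSS_POST = ("POST /comment HTTP/1.1\r\nHost: shop.example\r\n"
            "Content-Type: application/x-www-form-urlencoded\r\n\r\n"
            "text=%3Cscript%3Ealert(1)%3C%2Fscript%3E")

if __name__ == "__main__":
    for label, req in [("benign", BENIGN), ("sqli", SQLI), ("xss", XSS_POST)]:
        # Every request arrives as TCP on port 443, so the network firewall passes it.
        print(label, network_firewall_allows("tcp", 443), waf_inspect(req))
```

Pattern matching like this produces false positives and misses obfuscated input, so a WAF complements secure design of the application itself.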
Here is a brief and precise video on WAF: "What is a Web WAF?" by F5 DevCentral.