generic term for set of software, web server extensions or hardware designed to filter WWW traffic at the application level in TCP network model.
Web application firewalls allow to create set of rules which both the queries to the server as well as responses from the server must meet before they are allowed to be transferred further.
In most cases they can be considered as IDS (Intrusion Detection Systems) or IPS (Intrusion Prevention Systems).
Common solutions include Apache mod_security
module, WebKnight and IronBee software.