What is it?
WAF means Web Application Firewall and it is security software that has been developed to monitor and protect web based applications and websites. It monitors all traffic over HTTP. It prevents the use of XSS and SQL injections.
These are becoming very popular in the line of many defences web developers and designers are having to put in place to protect their customers. They work off of a set of rules which are constantly updating by companies such as Comodo. At a designated time, the web server would contact the central database at a security company such as Comodo and download the latest set of security rules.
Where will I find WAF on my server?
This can vary depending on the setup you are using. If you are using a third party web hosting company it may already be installed on your web space. The Plesk control panel has it already installed. If you are using Plesk and you can not see it, simply call your provider as it might just need to be enabled on your web space.
If you have built your own network from scratch for your website or application, you will need to install this manually. There are many places on the internet with instructions of how to do this and how to configure it.
A great place to get started is at GitHub. Here you will find the files to download and install.