Application firewall
Application firewalls (also called proxy firewall or application gateway) operate on layer 7 of the OSI model. They enable to conduct a much more detailed analysis of the flow of information. They can thus reject all the requests that don't comply with the protocol's specifications. They are hence able to check, for example, that only the HTTP protocol passes through port 80. It is also possible to ban the use of TCP tunnels that enable to bypass the filtering by ports. In fact, it is possible to ban, for example, the users from using some services, even if they change the port number. The major focus remains the prevention against SQL, XSS injection threats, etc.