Which security measure is designed to protect web servers from attacks like cross-site scripting?

The Web Application Firewall (WAF) is specifically designed to protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It provides an additional layer of security that helps prevent various types of attacks, including cross-site scripting (XSS), SQL injection, and other common web-based threats.

A WAF operates by employing rule sets that can recognize and block malicious input before it reaches the web application. This is particularly relevant for cross-site scripting attacks, where an attacker injects malicious scripts into web pages viewed by other users. By inspecting the request and response data being sent to and from the web server, a WAF can filter out malicious scripts, thus safeguarding the application and its users.

In contrast, a firewall is primarily focused on controlling incoming and outgoing network traffic based on predetermined security rules and does not specifically address web application layer threats. Routers direct traffic on the network without applying specific security measures for web applications, and while an Intrusion Detection System (IDS) can detect potential threats, it does not actively block them like a WAF does. Thus, a Web Application Firewall is the most effective measure for defending against attacks like cross-site scripting on web servers.