DDoS Attack means "Distributed Denial-of-Service (DDoS) Attack" and it is a cybercrime in which the attacker floods a server with internet traffic to prevent users from accessing connected online services and sites. Attackers send forged traffic to server and occupy all server resources. This prevents genuine users to reach website.
Internet bots or search engines are able to perform tasks that are simple and repetitive, quicker than a person could ever do. The most extensive use of bots is for web indexing/crawling, in which an automated script fetches, analyzes and files information from web servers. More than half of all web traffic is generated by bots. Internet is full of good bots and bad bots. Search engines are like a good bot, indexes your website for easy search. The bad ones will try to steal the content from websites, send spam, steal information, install malware, abuse APIs, brute force passwords, or initiate a DDoS attack.

A "web application firewall (WAF)" is an application firewall for HTTP applications. IT filters traffic based on a set of rules to an HTTP conversation. Generally, these rules cover OWASP (Open Web Application Security Project) op Vulnerabilities in addition to common vulnerabilities such as Cross-site Scripting (XSS) and SQL Injection.
Most of the OWASP Top vulnerabilities are covered using WAF.

Any application code vulnerabilities can be addressed by WAF. Applying rules in WAF for the specific vulnerability is called Virtual Patching. The virtual patch works since the security enforcement layer analyzes transactions and intercepts attacks in transit, hence malicious traffic never reaches the web server. The resulting impact of virtual patch is that, while the actual source code of the application itself has not been modified, the exploitation attempt does not succeed.

WAF has become compliance standard also. Industry standards like PCI-DSS (Payment Card Industry Data Security Standard) and GDPR (General Data Protection Regulation) have the requirements for WAF. Different counties have different Data Privacy laws and hence Data can be protected by the use of WAF.

WAF can be a cetral point of traffic flow and hence Threats can be identified in real time. WAF threats logs can be sent to SIEM (Security information and event management) tool in order to investigate the logs and take action. It is useful for CSIRT Team and administrators to analyse and block unwanted traffic.

WAF can be used to block geographic location or countries based on threat intel or attack vectors. If organisation web application do not require to serve certain geographic customers then the geography can be blocked in WAF.