An Application layer firewall as the name suggests, is a firewall operating at the application layer of a protocol stack. Generally a host using various forms of proxy servers to proxy traffic, instead of routing it. As it works on the application layer, it may also inspect the contents of the traffic, blocking what the firewall administrator views as inappropriate content, such as certain websites, viruses, known attempts to exploit logical flaws in client software, and so forth.

An application layer firewall does not route traffic on the network layer. All traffic stops at the firewall, and the firewall may initiate its own connections, if it finds that the traffic is ok according to the rules.