Servers have different layers for communication. The OSI model has 7 layers. The firewall provided by most hosting companies is going to be focused on layers 3 and 4 of the OSI model. These layers are set to always allow http requests from port 80. Port 80 is set to always allow HTTP requests from Web clients. This is what allows a site to be visible to the internet. However, malware attacks today can be sent via an HTTP request through port 80. The difference between a safe request and a malicious request is the content being sent. A host's firewall does not examine the content being sent via port 80, it is merely interested on ensuring the the request is the correct type through the right port. If it is an HTTP request, it will be allowed through port 80. A web application firewall (WAF) works at Layer 7 of the OSI model, which is the application layer. A WAF utilizes a general rule set to determine if the content being sent is safe or malicious.