Web Application Firewall (WAF)


With CloudProtect's Web Application Firewall (WAF), you instantly enable enterprise-class protection with built-in policies mitigating the most common and dangerous threats, including OWASP Top 10, right out-of-the-box, requiring little-to-no configuration

In addition, around-the-clock security experts update built-in policies in real-time to address emerging or increasing threats identified anywhere in the world, requiring no action on your part

Go further with powerful customization and integration options to create and tailor WAF policies and behavior to fit your workloads unique security needs

Security, Performance, Reliability, and Monitoring all in one plan
Cloud Protect
Increased Security

Content protection features, delivery control, DDoS attack mitigation, SSL, a private network backbone, and other platform-wide security measures enable you to better protect content and operations, reducing the cost of business lost to downtime, theft, and other malicious activity

Precise Threat Identification

Unique device-level fingerprinting, diverse DDoS attack profiling, malicious bot blocking & backdoor protection. In addition, globally synchronized threat detection and mitigation reduces false positives and catches sophisticated and emerging threats

Use Cases

Application Protection

Protect applications including websites, online games, APIs and SaaS products, with little to no additional performance overhead or impact to legitimate traffic

Content Protection

Control access to and protect the value of the content you sell or deliver, such as photography, video streams and files, audio streams and software packages

DDoS Attack Mitigation

Block and resolve application-layer DDoS attacks of any size, with unique and comprehensive identification technologies and techniques

Virtual Patching

Quickly and easily protect newly identified application vulnerabilities that have not yet been patched in your application source code

Security, Performance, Reliability, and Monitoring all in one plan

Key Features

Layer-7 DDoS Attack Mitigation

Overlapping layers of threshold rules (domain, burst, sub-second) recognize application layer DDoS attacks and activate the protection of individual or clustered resources, while machine-learned models of normal traffic allow good traffic through even while DDoS attacks are being mitigated

Bot Traffic Protection

Patented technology stops malicious activities—like inventory lockups, scraping and price stealing—from automated tools and bots, identifying and covering tactics and threats including common traffic anomalies, automated clients, domain-specific traffic anomalies, and headless browsers

Unique Two-Tier Architecture

Our unique two-tiered architecture features a centralized WAF Intelligence Cluster that analyzes traffic data from all requests in all SP// WAF locations and applies that learning and other threat intelligence to determine whether to block or allow new traffic

Device-level Fingerprinting

Patented device-level fingerprinting technology distinguishes individual devices—not just individual IP addresses—to take a better look at suspicious traffic and reduce false or missed positives from situations, like bad devices using different IPs or good devices using “bad” IPs

SSL Certificate Management

EdgeSSL, our SSL certificate management solution, lets you move the burden of SSL from your origins and reduce the performance costs of SSL encryption by serving your certificates from the edge. Use your own private SSL certificate uploaded to the StackPath Control Portal, or a free private SSL certificate provided by StackPath

Built-in Policies

Powerful WAF policies created by our expert team are automatically activated for each WAF site you create—with no action needed from you or additional cost required— addressing vulnerabilities related to OWASP Top 10 threats, CSRF attacks, automation and bot protection, and more

Customized Rules Engine

An easy-to-use rules editor lets you create rules that enforce your own policies and automate protection behaviors, including rate limiting, block and allow list IP addresses and ranges, and perform CAPTCHA

Real-time Data & Analytics

Built-in monitoring and reports provide real-time visibility of WAF activity, with all the details of any security event available