SP// Web
Application Firewall

Protect your edge.

Contact Sales

Download Data Sheet

Precise Threat Identification

Always Up-to-Date

Instant and Easy Setup

Customization and Control

The size, speed, and sophistication of online attacks grow every day. Protect your web applications and APIs with the level of security, simplicity or sophistication, and services that meet your specific needs. SP//WAF delivers enterprise-class protection with little-to-no configuration required and the opportunity to create and tailor your WAF to fit your unique needs.

Use Cases

Application Protection

Protect applications including websites, online games, APIs and SaaS products, with little to no additional performance overhead or impact to legitimate traffic

Content Protection

Control access to and protect the value of the content you sell or deliver, such as photography, video streams and files, audio streams and software packages

DDoS Attack Mitigation

Block and resolve application-layer DDoS attacks of any size, with unique and comprehensive identification technologies and techniques.

Virtual Patching

Quickly and easily protect newly identified application vulnerabilities that have not yet been patched in your application source code.

Precise Threat Identification

Unique device-level fingerprinting, diverse DDoS attack profiling, and globally synchronized threat detection and mitigation reduces false-positives and catches sophisticated and emerging threats.

Instant and Easy Setup

Built-in policies created by our expert security team mitigate the most common and dangerous threats, including OWASP Top 10, right out-of-the-box, requiring little-to-no configuration.

Always Up to Date

Allow our around-the-clock security experts update built-in policies in real-time to address emerging or increasing threats identified anywhere in the world, requiring no action on your part.

Lower Total Costs

Altogether, our platform and products can help you reduce total bandwidth consumption, reduce downtime, and increase accessibility, leading to lower operational costs and optimizing your assets’ monetization.

Learn more about giving Gaming or Media and Entertainment workloads an edge.

Key Features

Two Tier Architecture

Our unique two-tiered architecture features a centralized WAF Intelligence Cluster that analyzes traffic data from all requests in all SP// WAF locations and applies that learning and other threat intelligence to determine whether to block or allow new traffic.

Device-level Fingerprinting

Patented device-level fingerprinting technology distinguishes individual devices—not just individual IP addresses—to take a better look at suspicious traffic and reduce false or missed positives from situations, like bad devices using different IPs or good devices using “bad” IPs.

Built-in Policies

Powerful WAF policies created by our expert team are automatically activated for each WAF site you create—with no action needed from you or additional cost required— addressing vulnerabilities related to OWASP Top 10 threats, CSRF attacks, automation and bot protection, and more.

Anti-Automation Suite / Bot Traffic Protection

Patented technology stops malicious activities—like inventory lockups, scraping and price stealing—from automated tools and bots, identifying and covering tactics and threats including common traffic anomalies, automated clients, domain-specific traffic anomalies, and headless browsers.

Customized Rules Engine

An easy-to-use rules editor lets you create EdgeRules™ that enforce your own policies and automate protection behaviors, including rate limiting, block and allow list IP addresses and ranges, and perform CAPTCHA.

Layer-7 DDoS Attack Mitigation

Overlapping layers of threshold rules (domain, burst, sub-second) recognize application layer DDoS attacks and activate the protection of individual or clustered resources, while machine-learned models of normal traffic allow good traffic through even while DDoS attacks are being mitigated.

SSL Certificate Management

EdgeSSL, our SSL certificate management solution, lets you move the burden of SSL from your origins and reduce the performance costs of SSL encryption by serving your certificates from the edge. Use your own private SSL certificate uploaded to the StackPath Control Portal, or a free private SSL certificate provided by StackPath.

Data & Analytics

Built-in monitoring and reports provide real-time visibility of WAF activity, with all the details of any security event available.

Customized Sanction Screens

Customize the page that SP//WAF serves to suspicious or blocked traffic with your own message and branding, providing your users is a seamless experience. Customized Sanction Screens are easy to implement on your own or with help from our team, included in our Professional and Enterprise subscriptions, and can be added to Essentials.

WAF Professional Services

Get expert help planning or setting up security profiles and advanced configurations to meet your specific needs. Our WAF Professional Services team includes developers and engineers responsible for building and running our SP//WAF, giving you direct access to the people who know SP//WAF better than anyone.


Scroll Right For More Packages

$60 / Month
$1,700 / Month
$4,000 / Month
WAF Requests 1M / Month 40M / Month 100M / Month
WAF Sites 1 20 50
WAF Custom Rules 3 80 250
SSL Certificate 1 / WAF Site 1 / WAF Site 1 / WAF Site
OWASP Coverage Included Included Included
Bot Protection Included Included Included
L7 DDoS Attack Mitigation Included Included Included
API Security Included Included Included
Portal & Analytics Included Included Included
All WAF Edge Locations Included Included Included
Custom Rules Extension - Included Included
Advanced Rules - - Included
WAF Professional Services (one time) - 2 Hours 4 Hours
Customized Sanction Screens - 1 Set 2 Sets
Support Tier (Coming Soon) Standard Silver Gold
IP ACLs (Allow/Block) Available Available Available
Log Streaming Additional Fee Additional Fee Additional Fee
Additional 1M WAF requests $10 / Month $5 / Month $2 / Month
Additional WAF Site $15 / Month $5 / Month $1 / Month
Additional WAF Custom Rule $10 / Month $5 / Month $2 / Month
Additional Customized Sanction Screens $200 / Set $175 / Set $150 / Set
Additional Customized Sanction Screens $200 / Set $175 / Set $150 / Set
Additional WAF Professional Services (4 Hours minimum) $375 / Hour $325 / Hour $300 / Hour

Ready to Protect Your Edge?

Sign Up and set up StackPath today or request a demo.

Our Platform

Powering all of StackPath is a high-performance, fully automated, and completely secure global platform that seamlessly integrates best-in-class orchestration, hardware infrastructure, and network architecture.

Edge Locations

50+ edge locations strategically deployed where customers’ end-users are most densely concentrated. Unlike legacy providers’, each location is a complete deployment of our computing, networking, and orchestration stack.


Our orchestration engine provisions and manages all aspects of SP// edge IaaS, edge applications, and accounts, and puts the whole StackPath platform at customers’ fingertips via an easy to use customer portal and comprehensive APIs.

Edge Network

Our multi-dimensional network provides high-speed throughput (with up to 95% of all traffic handed directly to last-mile networks) and exceptional total egress capacity (65tbps+). Also, it keeps data off the public internet as long as possible.