Enterprise Website Security & DDoS Protection

Protect your websites, applications, APIs, and more from the Internet’s worst vulnerabilities, threats, and attacks worldwide.

How It Works

How It Works

StackPath WAF provides full-time protection for your websites and applications by analyzing all traffic and only allowing legitimate and authorized access. Simply:

  1. Point your Website, Application, or API to StackPath
  2. Review the standard WAF policies that are active by default
  3. Deactivate or customize any standardized policies as desired.
  4. Create customized WAF rules and IP whitelists and blacklists if necessary.
Intelligent Protection

Intelligent Protection

StackPath WAF is designed to require zero-touch configuration, and to continue getting smarter as it is used. Traffic is constantly analyzed to profile behavior, detect inconsistencies, and determine reputation, leveraging advanced intelligence algorithms and expert security analysts. Every attack makes our WAF smarter and even more secure from emerging threats.

Layer 7 DDoS Attacks

All incoming traffic is constantly measured and if a threshold is exceeded an attack is suspected and all traffic is challenged to verify it is coming from a human.

Cross-site Scripting

Block attackers from injecting client-side scripts into web pages to bypass typical access controls and dupe end users.

Automated Traffic (Bots)

State-of-the-art detection technologies, including device fingerprinting, protects against automated traffic with an unparalleled level of precision and control.

SQL Injection

Protect against malicious SQL statements being entered into input fields and executed by an underlying SQL database of a vulnerable website or application.

OWASP Top 10 Threats

Policies protecting against the top ten security threats identified by the Open Web Application Security Project active by default.

Your WAF. Your rules.

Your WAF. Your rules.

StackPath WAF comes with an extensive set of smart policies, but you can create sophisticated rules to meet your specific needs, based on traffic data including URL requested, IP, country, and more, or data from within the StackPath platform such as traffic rates.

Easily Create New Rules

An easy-to-use rules editor makes it simple to select and define rule variables and the actions the rule should put into effect.

Deploy Instantly Worldwide

Custom rules are deployed and activated globally at your push of a button. No more waiting for someone else respond to a ticket or request.

Layer 7 DDoS Protection

Layer 7 DDoS Protection

StackPath WAF automatically protects against Layer 7 DDoS attacks, the largest and most common types of attacks. The WAF measures and analyzes all traffic coming through it; if a domain threshold, burst threshold, or sub-second burst threshold (all of which can be customized) is exceeded the WAF suspects an attack and challenges traffic to verify it is coming from a human.

Customize Thresholds

Predefined thresholds can be configured per domain, allowing protection to be customized to the domain’s acceptable traffic profile.

White List Traffic Sources

Known legitimate traffic sources, like search engines, are allowed through even during a DDoS attack.

Real-time Monitoring & Analytics

Real-time Monitoring & Analytics

StackPath provides real-time insights into your website traffic and security events.

Real-time Traffic

Get real-time insights into your web application security events.

Geolocation

StackPath provides information about the country and organization your visitors are coming from.

Analyze Security Events

You don’t need to be a security expert to analyze your web application security events, full details about each event are available within the WAF event management.

More Statistics

Information about the top threat actions, origins and the most active rules provide an extra layer of info that will help you get more insights about the malicious traffic that was blocked.

Protection All Around the World

StackPath WAF runs in all of our edge locations around the world, providing your websites and applications global security in one single service.

All PoPs Included

All PoPs Included

Every edge location of our advanced global network is included with every WAF or Edge Delivery subscription, with no additional charges for using the whole map or any specific region.

Global Threat Intelligence

Global Threat Intelligence

Any security vulnerability identified by our WAF anywhere in the world  goes into the WAF policies active in all edge locations, implemented and activated in real time.

Need a customized high-volume WAF plan?

Contact us

Get started today

Get CDN, WAF, DNS, and Monitoring all in one package. First month free on select Plans.

Recommended

Edge Delivery 20

For professional websites and blogs with standard content and average traffic levels.

  • CDN – 1TB/mo Bandwidth
  • WAF – 5M/mo Requests & 5 Rules
  • DNS – 2M/mo DNS Requests
  • Monitoring – 1 Service
$20/month
One Month Free Trial

Edge Delivery 200

For professional websites and blogs with standard content and average traffic levels.

  • CDN – 10TB/mo Bandwidth
  • WAF – 10M/mo Requests & 10 Rules
  • DNS – 5M/mo DNS Requests
  • Monitoring – 5 Services
$200/month

Edge Delivery 2000

For professional websites and blogs with standard content and average traffic levels.

  • CDN – 100TB/mo Bandwidth
  • WAF – 50M/mo Requests & 20 Rules
  • DNS – 10M/mo DNS Requests
  • Monitoring – 10 Services
$2000/month

WAF

For professional websites and blogs with standard content and average traffic levels.

  • 10M Requests
  • 5 Custom Rules
  • Unlimited Sites
  • Free Private SSL Certificate
  • Built-in OWASP & CMS Rules
$10/month
One Month Free Trial

Easy to Manage

StackPath WAF is designed to allow you to manage and control it on your terms.
Learn more »

Simple Setup

Simple Setup

Our customer portal’s streamlined workflows make setup and management simple. So you can get your WAF up and running fast, and don’t get lost in screens of settings and switches.

Advanced Controls

Advanced Controls

Our API and customer portal gives technical experts access to extremely granular control, from creating sophisticated WAF rules, customizing IP block and allow lists, and more.