SP// web application
Firewall
Protect your edge.
Precise Threat Identification
Always Up-to-Date
Instant and Easy Setup
Customization and Control
The size, speed, and sophistication of online attacks grow every day. Protect your web applications and APIs with the level of security, simplicity or sophistication, and services that meet your specific needs. SP// WAF delivers enterprise-class protection with little-to-no configuration required and the opportunity to create and tailor your WAF to fit your unique needs.
Application protection
Protect applications including websites, online games, APIs and SaaS products, with little to no additional performance overhead or impact to legitimate traffic
Content protection
Control access to and protect the value of the content you sell or deliver, such as photography, video streams and files, audio streams and software packages
DDoS attack mitigation
Block and resolve application-layer DDoS attacks of any size, with unique and comprehensive identification technologies and techniques.
Virtual patching
Quickly and easily protect newly identified application vulnerabilities that have not yet been patched in your application source code.
Precise threat identification
Unique device-level fingerprinting, diverse DDoS attack profiling, and globally synchronized threat detection and mitigation reduces false-positives and catches sophisticated and emerging threats.


Instant and easy setup
Built-in policies created by our expert security team mitigate the most common and dangerous threats, including OWASP Top 10, right out-of-the-box, requiring little-to-no configuration.
Always up to date
Allow our around-the-clock security experts update built-in policies in real-time to address emerging or increasing threats identified anywhere in the world, requiring no action on your part.


Lower total costs
Altogether, our platform and products can help you reduce total bandwidth consumption, reduce downtime, and increase accessibility, leading to lower operational costs and optimizing your assets’ monetization.

Give your Gaming or Media workloads an edge.
Key features
Built-in Policies
Powerful WAF policies created by our expert team are automatically activated for each WAF site you create—with no action needed from you or additional cost required—addressing vulnerabilities related to OWASP Top 10 threats, CSRF attacks, automation and bot protection, and more.
Anti-Automation Suite / Bot Traffic Protection
Patented technology stops malicious activities—like inventory lockups, scraping and price stealing—from automated tools and bots, identifying and covering tactics and threats including common traffic anomalies, automated clients, domain-specific traffic anomalies, and headless browsers.
Layer-7 DDoS Attack Mitigation
Overlapping layers of threshold rules (domain, burst, sub-second) recognize application layer DDoS attacks and activate the protection of individual or clustered resources, while machine-learned models of normal traffic allow good traffic through even while DDoS attacks are being mitigated.
API Discovery
Automatically scan for, detect, and organize exposed APIs, both authorized and shadow, for your web applications.
Customized Rules Engine
An easy-to-use rules editor lets you create EdgeRules™ that enforce your own policies and automate protection behaviors, including rate limiting, block and allow list IP addresses and ranges, and perform CAPTCHA.
Tag-related Rules
Our easy-to-use Custom Rules Editor lets you create rules triggered by tags applied to requests by the SP// WAF. SP// WAF Professional and SP// WAF Enterprise users can even create rules that generate and apply custom tags to requests, and then create rules based on those custom tags, for an exceptional level of customization and control.
Data & Analytics
Built-in monitoring and reports provide real-time visibility of WAF activity, with all the details of any security event available.
Security Insights
Security Insights provide near real-time portal alerts informing users of potential security vulnerabilities and system configuration mismanagement.
IP Spotlight
See all the information we have gathered on any entered IP address, including a calculated Risk Assessment Score and an accounting of known attacks. This increased visibility will help you make a more data-driven decision regarding securing your web presence.
Two Tier Architecture
Our unique two-tiered architecture features a centralized WAF Intelligence Cluster that analyzes traffic data from all requests in all SP// WAF locations and applies that learning and other threat intelligence to determine whether to block or allow new traffic.
Device-level Fingerprinting
Patented device-level fingerprinting technology distinguishes individual devices—not just individual IP addresses—to take a better look at suspicious traffic and reduce false or missed positives from situations, like bad devices using different IPs or good devices using “bad” IPs.
SSL Certificate Management
EdgeSSL™, our SSL certificate management solution, lets you move the burden of SSL from your origins and reduce the performance costs of SSL encryption by serving your certificates from the edge. Use your own private SSL certificate uploaded to the StackPath Control Portal, or a free private SSL certificate provided by StackPath.
Custom Pages
Customize the page that SP// WAF serves to suspicious or blocked traffic with your own logo, browser title, page title, and page message, providing your users with a seamless, on-brand experience. Custom pages are easy to create and edit within our control portal on your own or with help from our team.
Learn more about the SP// platform
Powering all of StackPath is a high-performance, fully automated, and completely secure global platform that seamlessly integrates best-in-class orchestration, hardware infrastructure, and network architecture.
Edge locations
73 edge locations strategically deployed where customers’ end-users are most densely concentrated. Unlike legacy providers’, each location is a complete deployment of our computing, networking, and orchestration stack.
EdgeEngine™
Our orchestration engine provisions and manages all aspects of SP// edge IaaS, edge applications, and accounts, and puts the whole StackPath platform at customers’ fingertips via an easy to use customer portal and comprehensive APIs.
Edge network
Our multi-dimensional network provides high-speed throughput (with up to 95% of all traffic handed directly to last-mile networks) and exceptional total egress capacity (100+Tbps). Also, it keeps data off the public internet as long as possible.
Pricing
For enterprise pricing please contact sales.
Included | Essentials $60 / Month | Professional $1,700 / Month | Enterprise $4,000 / Month |
---|---|---|---|
WAF Requests | 1M / Month | 40M / Month | 100M / Month |
WAF Sites | 1 | 20 | 50 |
WAF Custom Rules | 3 | 80 | 250 |
SSL Certificate | 1 / WAF Site | 1 / WAF Site | 1 / WAF Site |
OWASP Coverage | Included | Included | Included |
Bot Protection | Included | Included | Included |
L7 DDoS Attack Mitigation | Included | Included | Included |
API Security | Included | Included | Included |
API Discovery | – | Included | Included |
Portal & Analytics | Included | Included | Included |
All WAF Edge Locations | Included | Included | Included |
Standard Support* | Included | Included | Included |
Custom Rules Extension | – | Included | Included |
Advanced Rules | – | – | Included |
WAF Professional Services (one time) | – | 2 Hours | 4 Hours |
Customized Sanction Screens | – | 1 Set | 2 Sets |
IP ACLs (Allow/Block) | Available | Available | Available |
Additional | Essentials | Professional | Enterprise |
---|---|---|---|
Log Streaming | Additional Fee | Additional Fee | Additional Fee |
Additional 1M WAF requests | $10 / Month | $5 / Month | $2 / Month |
Additional WAF Site | $15 / Month | $5 / Month | $1 / Month |
Additional WAF Custom Rule | $3 / Month | $2 / Month | $1 / Month |
Additional Customized Sanction Screens | $200 / Set / Month | $175 / Set / Month | $150 / Set / Month |
Additional WAF Professional Services (4 Hours minimum) | $375 / Hour | $325 / Hour | $300 / Hour |
Learn more about SP// WAF
API docs
Integrate SP// WAF directly into your own products and workflows.
Getting started
Check out easy guides for setting up your StackPath services.
Edge security
Browse content related to edge security, including blog and Edge Academy articles.