Web Application Firewall

Prevent attacks before they start with a cloud firewall that features intelligent threat detection, continuous vulnerability updates, and powerful customization options. Full security starts at the cloud’s edge.

First Month Free

Sign Up Now

No credit card required.

By clicking "Sign Up" you agree to the StackPath MSA and AUP

Integrated Technologies

Comprehensive Protection

Think of it as a wall of walls. StackPath WAF integrates multiple technologies, including Advanced Browser Validation and IP Reputation and Custom Rules engines, into an intelligent firewall that can be customized to meet your specific protection profile.

Real-time Updating

Total Control

Don’t wait for security. StackPath WAF gives you direct control over every WAF feature, via API and our easy-to-use customer portal. Any change you make is instantly pushed to the edge and ready to go. No more waiting for a WAF request to be read and manually implemented.

Integrated or Standalone

Flexible Deployment

StackPath WAF integrates seamlessly with other StackPath services for exceptional performance and cost-effectiveness. But you can also put it in front of sites or properties you have running on your own or third-party infrastructure, extending StackPath security beyond our platform.

Immediate Policy Activation

Instant is our policy.

The security landscape changes in a heartbeat. StackPath security researchers continuously assess industry-wide activity and analyze the traffic across our entire global platform to identify emerging trends and vulnerabilities. Then they create and activate new standard WAF policies that are updated live in all of our locations.

Standard policies include blocking specific user-agents, bots, Tor, VPNs, known hosting IPs, remote file inclusion, XSS, SQL Injection, brute force attempts, and more, and they can be enabled/disabled in real-time through our customer portal.

Bot & Scraping Protection

Fight automation with automation.

Hackers use automated technologies, like bots, to scan your sites for vulnerabilities, steal your assets, and spam your servers. So StackPath WAF integrates automated technologies including Advanced Browser Validation and an IP Reputation Engine to detect and block automated activity, shutting down bots, scanners, scrapers, spammers, and browser automation frameworks.

01 Advanced Browser Validation
02 IP Reputation Engine
03 Custom Rules Engine
04 Free Private EdgeSSL Certificate

Advanced Browser Validation

We know a bot when we see one.

When our Advanced Browser Validation technology detects automated traffic hitting your site, we put a “prove you’re human” challenge on your site via JavaScript injection.

If the challenge is met, we mark a token and the traffic is accepted. If the challenge isn’t met, the IP will be automatically blocked, keeping out bots, scrapers, DDoS attacks, and more.

And our instantly enabled/disabled standard policies and customer rules engine let you whitelist the bots you like, such as search engine crawlers or approved API requests.

IP Reputation Engine

We do give a damn ‘bout their bad reputation.

Our IP Reputation Engine blocks IP addresses known to be sources of unwanted traffic, including VPN networks, Tor nodes, hosting services, and proxy networks. Our security researchers constantly keep the blacklist up to date with the latest suspects, and you can include or exclude IP addresses in real-time by using our Custom Rules Engine.

Custom Rules Engine

Make your own rules.

Our Custom Rules Engine makes it easy to create sophisticated rules to meet your specific needs, turn them on or off at will, and track their effect on your traffic. Custom rules can be based on traffic data including URL requested, IP, country, and more, or data from within the StackPath platform such as traffic rates. Block or allow specific IPs, limit access to your login pages, and even rate limit access to a specific URL or your API.

Free Private EdgeSSL Certificate

Let’s give you some privacy.

While other edge services only provide you a shared SSL certificate, a free private StackPath EdgeSSL certificate is available for every StackPath WAF site you create. Easy to request and setup, your EdgeSSL certificate is served from our edge nodes, providing faster performance and higher availability by taking that workload off of your origin.

  • Full 256-bit encryption
  • 2048-bit signatures
  • Automatic renewal
  • Provided in partnership with Sectigo (formerly Comodo CA)

Learn more about EdgeSSL »