Layer 7 DDoS Attacks
All incoming traffic is constantly measured and if a threshold is exceeded an attack is suspected and all traffic is challenged to verify it is coming from a human.
How It Works
StackPath WAF provides full-time protection for your websites and applications by analyzing all traffic and only allowing legitimate and authorized access. Simply:
- Point your Website, Application, or API to StackPath
- Review the standard WAF policies that are active by default
- Deactivate or customize any standardized policies as desired.
- Create customized WAF rules and IP whitelists and blacklists if necessary.
Intelligent Protection
StackPath WAF is designed to require zero-touch configuration, and to continue getting smarter as it is used. Traffic is constantly analyzed to profile behavior, detect inconsistencies, and determine reputation, leveraging advanced intelligence algorithms and expert security analysts. Every attack makes our WAF smarter and even more secure from emerging threats.
Cross-site Scripting
Block attackers from injecting client-side scripts into web pages to bypass typical access controls and dupe end users.
Automated Traffic (Bots)
State-of-the-art detection technologies, including device fingerprinting, protects against automated traffic with an unparalleled level of precision and control.
SQL Injection
Protect against malicious SQL statements being entered into input fields and executed by an underlying SQL database of a vulnerable website or application.
OWASP Top 10 Threats
Policies protecting against the top ten security threats identified by the Open Web Application Security Project active by default.
Your WAF. Your rules.
StackPath WAF comes with an extensive set of smart policies, but you can create sophisticated rules to meet your specific needs, based on traffic data including URL requested, IP, country, and more, or data from within the StackPath platform such as traffic rates.
Easily Create New Rules
An easy-to-use rules editor makes it simple to select and define rule variables and the actions the rule should put into effect.
Deploy Instantly Worldwide
Custom rules are deployed and activated globally at your push of a button. No more waiting for someone else respond to a ticket or request.
Layer 7 DDoS Protection
StackPath WAF automatically protects against Layer 7 DDoS attacks, the largest and most common types of attacks. The WAF measures and analyzes all traffic coming through it; if a domain threshold, burst threshold, or sub-second burst threshold (all of which can be customized) is exceeded the WAF suspects an attack and challenges traffic to verify it is coming from a human.
Customize Thresholds
Predefined thresholds can be configured per domain, allowing protection to be customized to the domain’s acceptable traffic profile.
White List Traffic Sources
Known legitimate traffic sources, like search engines, are allowed through even during a DDoS attack.
Real-time Monitoring & Analytics
StackPath provides real-time insights into your website traffic and security events.
Real-time Traffic
Get real-time insights into your web application security events.
Geolocation
StackPath provides information about the country and organization your visitors are coming from.
Analyze Security Events
You don’t need to be a security expert to analyze your web application security events, full details about each event are available within the WAF event management.
More Statistics
Information about the top threat actions, origins and the most active rules provide an extra layer of info that will help you get more insights about the malicious traffic that was blocked.
Protection All Around the World
StackPath WAF runs in all of our edge locations around the world, providing your websites and applications global security in one single service.
All PoPs Included
Every edge location of our advanced global network is included with every WAF or Edge Delivery subscription, with no additional charges for using the whole map or any specific region.
Global Threat Intelligence
Any security vulnerability identified by our WAF anywhere in the world goes into the WAF policies active in all edge locations, implemented and activated in real time.
Need a customized high-volume WAF plan?
Contact usGet started today
Get CDN, WAF, DNS, and Monitoring all in one package. No credit card required. First month free on select Plans.
Recommended
Edge Delivery 20
For professional websites and blogs with standard content and average traffic levels.
- CDN – 1TB/mo Bandwidth
- WAF – 5M/mo Requests & 5 Rules
- DNS – 2M/mo DNS Requests
- Monitoring – 1 Service
One Month Free Trial
Edge Delivery 200
For professional websites and blogs with standard content and average traffic levels.
- CDN – 10TB/mo Bandwidth
- WAF – 10M/mo Requests & 10 Rules
- DNS – 5M/mo DNS Requests
- Monitoring – 5 Services
$200/month
Edge Delivery 2000
For professional websites and blogs with standard content and average traffic levels.
- CDN – 100TB/mo Bandwidth
- WAF – 50M/mo Requests & 20 Rules
- DNS – 10M/mo DNS Requests
- Monitoring – 10 Services
$2000/month
WAF
For professional websites and blogs with standard content and average traffic levels.
- 10M Requests
- 5 Custom Rules
- Unlimited Sites
- Free Private SSL Certificate
- Built-in OWASP & CMS Rules
One Month Free Trial
Easy to Manage
StackPath WAF is designed to allow you to manage and control it on your terms.
Learn more »
Simple Setup
Our customer portal’s streamlined workflows make setup and management simple. So you can get your WAF up and running fast, and don’t get lost in screens of settings and switches.
Advanced Controls
Our API and customer portal gives technical experts access to extremely granular control, from creating sophisticated WAF rules, customizing IP block and allow lists, and more.