Cloudflare Web Application Firewall (WAF)
Protect your website against SQL injections, cross-site scripting attacks and more
Cloudflare’s Web Application Firewall (WAF) protects your website from SQL injection, cross-site scripting (XSS) and zero-day attacks, including
OWASP-identified vulnerabilities and threats targeting the application layer. Customers include the Alexa-ranked Top 50, financial institutions, ecommerce companies and major enterprises. Fully-integrated with our DDoS protection, our WAF blocks millions of attacks daily, automatically learning from each new threat.
A robust rules engine to customize to your needs
Our WAF runs ModSecurity rule sets out of the box, protecting you against the most critical web application security flaws as identified by OWASP. It can also handle your existing rule sets and custom rules. Rules become effective in under 30 seconds.
Cloud deployment plus DDoS mitigation and CDN
As a cloud-based service, Cloudflare’s WAF requires no hardware or software to install and maintain. Deploy the WAF with a single click, customizing it to meet your needs.
Its integration into the overall Cloudflare service means you get additional functionality for free. You can secure your website against DDoS attacks and use our global content delivery network to make it run faster.
- Automatic protection
from diverse threats, with
strong default rule sets and
providing Layer 7 protection
that is fully integrated with
- Lightning-fast 0.3 ms processing times, with instant global updates
- Compliance for PCI DSS requirement 6.6 —Cloudflare’s WAF enables you to cost-effectively fulfill PCI compliance
- Real-time reporting — robust logging lets you see what’s happening instantaneously
- Cloud deployment with no hardware, software or tuning required