Protect your apps from OWASP Top-10 threats and targeted attacks — without slowing down or losing availability.
A WAF is a firewall built for web applications. It sits between the user and your site, inspecting every request and letting only safe traffic through.
Suspicious attempts — like SQL injections or malicious scripts — get blocked, keeping your data secure and your site running smoothly.
The system analyzes incoming traffic and blocks malicious requests before they ever reach your application.
WAF can be enabled in just a few clicks from the control panel—no complex setup required—and it works seamlessly with CDN.
Billing is based on every 10,000 requests, so you never overpay for unused capacity.
No complicated setup—just a couple of clicks and the CDN-powered WAF shields your product from web threats.
Signing up in the Serverspace control panel takes just 20 seconds — all you need is your email address.
In the left sidebar under CDN, select WAF and add the link to your website or web application.
Congrats—your site is now protected from 99.9% of web threats. You’re all set to keep working.
Turn attack protection on or off right from the interface — no complicated setup required.
You can choose between detection-only mode (logging) or full blocking of suspicious requests.
Log storage and a detailed incident journal for analysis and compliance with security requirements.
New signatures and policies are updated without service downtime, ensuring your protection stays up to date.
WAF protects checkout forms and customer accounts from hacks and data theft.
It monitors requests to shopping carts, payment forms, and user dashboards, blocking attempts to inject malicious code or steal card details—reducing the risk of fraud and data leaks.
Helps meet PCI DSS requirements and blocks attacks on online services.
WAF inspects all traffic for vulnerabilities, protecting online banking and APIs from SQL injections and XSS. This makes PCI DSS audits easier and helps maintain customer trust.
Prevents leaks of personal data from students and citizens.
Services with user accounts and databases of students or citizens are protected from unauthorized access. WAF stops large-scale data breaches and attacks on public portals.
Ensures service stability, API protection, and SLA compliance.
WAF filters requests to APIs, login modules, and the control panel. It reduces the load from bots and scanners, helping maintain SLAs and keep services running smoothly.
Billing in Serverspace WAF is fully transparent: charges are based on every 10,000 requests, eliminating overpayment and scaling seamlessly as your traffic grows.
Why is WAF only available with CDN?
In Serverspace, WAF operates at the content delivery network (CDN) level. This setup filters traffic before it ever reaches your server, reducing infrastructure load. By working in tandem with CDN, protection against SQL injections, XSS, and other OWASP threats becomes highly effective: malicious requests are blocked at the edge, while users enjoy fast and secure access to your applications.
How is WAF billed in Serverspace?
Billing in Serverspace WAF is fully transparent: charges apply for every 10,000 requests processed through the filtering system.
This model gives you precise cost control with no overpayment for unused bundles. As your project traffic grows, the billing scales right along with it.
How is WAF different from DDoS protection?
DDoS protection blocks large-scale network attacks that overload servers, while WAF inspects every HTTP/HTTPS request to defend applications against OWASP Top-10 threats like SQL injections, XSS, API attacks, and data leaks. The best results come from using both services together. For complete website security, you can enable WAF in Serverspace alongside DDoS filtering.
Where can I activate the service?
WAF is available right in the Serverspace control panel under the CDN section. Setup takes just seconds and requires no extra software. Simply open the interface, click “Enable WAF”, and protection starts automatically.
