Web Application Firewall

Security Without Compromise

Managed WAF protection with configurable strictness levels. Block attacks, rate limit traffic, and monitor threats with real-time logs.

Enable WAFSecurity docs
Web Application Firewall
Active
Incoming
GET /api/users
POST /login
GET /?id=1' OR 1=1
Inspecting requests
Results
GET /api/users Passed
POST /login Passed
GET /?id=1' OR 1=1 SQLi
2 passed 1 blocked
View logs
WAF
Managed Rules
3
Rate Limiters
Http:BL
Integration
Slack
Notifications
WAF Rules

Managed Protection with Adjustable Levels

Enable WAF on any route with Report or Block mode. Adjust paranoia level for strictness. Skip specific rules or allowlist IPs as needed.

  • Report or Block mode
  • Adjustable paranoia level
  • Rule ID overrides
  • IP/CIDR allowlists

WAF documentation

WAF Configuration
Block Mode
WAF Protection
Block SQLi, XSS, OWASP
Mode
Paranoia Level
Level 2
Low High
Skipped Rules
942100 920350
IP Allowlist
10.0.0.0/8
OWASP rules 4 levels
Edit config
Rate Limiting
Active
IP Rate Limiting
Mode
Block
RPS
10/sec
Cooldown
30s
WAF Hit Rate Limiting
Hits
10 max
Window
5 min
Cooldown
300s
Bot Challenge Mode
Challenge suspicious traffic
Currently blocked
47 IPs
75% threshold
RPS limiting Bot challenge
View logs
Rate Limiting

Three Types of Rate Limiters

IP-based rate limiting by requests per second. Header-based limiting for API keys. WAF hit rate limiting for slow attack patterns. Bot challenge mode available.

  • IP rate limiting (RPS)
  • Header-based limiting
  • WAF hit rate limiting
  • Bot challenge mode

Rate limiting guide

Block Lists
IP Addresses
12 blocked
185.220.x.x 45.155.x.x +10 more
User Agents
5 blocked
*GPTBot* *AhrefsBot*
ASN / Geo
3 blocked
AS9009 CN RU
Managed Dictionaries
Bad Bots
Enabled
AI Crawlers
Enabled
Http:BL
Enabled
IP blocks Bot lists Geo blocks
Manage lists
Block Lists

Multiple Blocking Options

Block by IP address, User-Agent, Referer header, or ASN. Use QuantCDN-maintained dictionaries for known bad actors, AI crawlers, and spam IPs. Http:BL integration available.

  • IP/User-Agent/Referer/ASN blocking
  • Managed bad bot dictionaries
  • AI crawler blocking
  • Http:BL integration

Block lists docs

Protection for Every Application

From simple websites to complex APIs, the WAF adapts to your needs.

Website Protection

Enable WAF on your sites with managed rules. Block SQLi, XSS, and common attacks automatically.

  • Managed WAF rules
  • Adjustable strictness
  • Report or block mode
Learn more

API Rate Limiting

Protect APIs with header-based rate limiting. Use custom headers to limit by API key or user ID.

  • Header-based limits
  • RPS thresholds
  • Configurable cooldown
Learn more

Bot Protection

Block known bad bots, AI crawlers, and scrapers. Use managed dictionaries maintained by QuantCDN.

  • AI crawler blocking
  • Bad bot dictionaries
  • User-agent filtering
Learn more

Geo Blocking

Block traffic from specific countries or allow only from approved regions. ASN-level blocking available.

  • Country blocking
  • ASN blocking
  • IP range blocks
Learn more

Slack Notifications

Get Slack alerts for blocked requests. Configure RPM thresholds to reduce noise.

  • Slack webhooks
  • RPM thresholds
  • Real-time alerts
Learn more

WAF Logs

View 30 days of WAF activity. Filter by IP, location, rule ID, domain, and block type.

  • 30-day retention
  • Filterable logs
  • ASN lookup
Learn more

Secure Your Application

Enable WAF protection today. Configure per-route with Report or Block mode.

Managed WAF rules
3 types of rate limiting
Bot & AI crawler blocking
Slack notifications
Enable WAFView pricing