Web Application Firewall

Modern protections for modern applications

Enterprises rely on applications and APIs for growth--and with our world-class web application firewall, expanding attack surfaces and novel attacks never get in the way.

Our powerful web application firewall is integrated with the rest our our leading cloud-delivered application security portfolio.

2020 saw more than 18K vulnerabilities to exploit - the greatest number of vulns on record.

There are more than 5 billion stolen credentials on the dark web to fuel credential stuffing that leads to account takeover.

Attackers have web servers in the crosshairs as they are the top IT asset targeted - in 50% of attacks.

Companies need 16 days to patch - leaving attackers weeks to exploit vulnerabilties.

WAF layered defenses

  • Cloudflare managed rules offer advanced zero-day vulnerability protections.
  • Core OWASP rules block familiar “Top 10” attack techniques.
  • Custom rulesets deliver tailored protections to block any threat.
  • Exposed credential checks monitor and block use of stolen/exposed credentials for account takeover
  • Sensitive data detection alerts on responses containing sensitive data.
  • Advanced rate limiting prevents abuse, DDoS, brute force attempts along with API-centric controls.
  • Flexible response options allow for blocking, logging, rate limiting or challenging.
Stop account takeover

Prevent successful credential stuffing attacks from taking over user accounts.

Prevent data exfiltration

Stop data leaks to keep sensitive company data safe and private.

Block credential stuffing

See and stop abusive login attacks using stolen credentials.

Cloudflare WAF Advantages

Our global 100 Tbps network sees up to 30M requests per second.

Complete application security from the same cloud network for an effective and uniform security posture.

Faster, easier security deployments for quicker mitigations and time-to-value.

A single Rust-based engine drives portfolio protections for no gaps in security.

Zero-day protections are in place fast for immediate virtual patching. Rules are deployed globally in seconds.

Our network's unparalleled visibility into threats yields the sharpest security and most effective machine learning.

最高のDDoS攻撃対策

Cloudflareのお客様はすべて、100 TbpsのDDoS攻撃防御の盾で守られています。

250か所にある当社データセンターの各サーバーで、フルスタックのDDoS軽減サービスを実行し、最大規模の攻撃を阻止しています。


Cloudflareが提供する世界クラスのアプリケーションセキュリティ

Cloudflare Webアプリケーションファイアウォール(WAF)は、アプリケーションとAPIを安全かつ生産的に保ち、DDoS攻撃を阻止し、ボットを寄せつけず、異常や悪意のあるペイロードを検出し、その一方でブラウザのサプライチェーン攻撃を監視する、高度なアプリケーションセキュリティポートフォリオの基盤です。

ボット管理

Webプロパティに害を及ぼすボット攻撃から保護することで、質の高いカスタマーエクスペリエンスを提供します。

API Shield

Keep APIs safe and productive with API discovery, schema validation, mTLS, DLP, anomaly detection, and more.

Page Shield

訪問者のブラウザで実行されるサードパーティのMagecart攻撃から保護します。


Cloudflareのセキュリティリーダーシップ

Gartner Peer Insights(ガートナーピアインサイト)調査で、2021年の「カスタマーズチョイス」に選出。

Frost & Sullivan Frost Radar™において「イノベーションリーダー」に選出:Global Holistic Web Protection Market Report。

Forrester WaveのDDoS軽減ソリューションにおいて、「リーダー」に選出。