Web Application Firewall (WAF)

The NOC WAF service is accessible via the CDN and offers organizations peace of mind that vulnerabilities are not exploited by bad actors.


No Credit Card Required. Starting at $1 / month.

How the Web Application Firewall (WAF) Works

The NOC Web Application Firewall (WAF) is built on the NOC CDN service. It's a custom security solution that uses a proprietary approach to virtual hardening and patching at the edge.


It uses a deny-all approach to mitigation, and is built using application-specific profiles. It was built specifically to help protect opensource Content Management Systems (CMS) applications (e.g., WordPress, Drupal, Joomla!, Magento, etc...).


Leveraging the NOC platform, the WAF is able to extend it's protection capabilities by virtual hardening an application at the edge.

Normal server level hardening techniques (e.g., disabling PHP execution, directory listing, etc...) are done on behalf of the website owner with no additional actions from the website owner.


Vulnerabilities, including zero-day events, are patched at the edge with zero actions from the user. This ensures critical assets, and their teams, can take the time they need to identify, and remediate issues as they arise.


In addition to hardening and patching, the WAF functions as a mechanism to protect access points like log in points and sensitive pages. It allows website owners to protect sensitive log in pages using browser authentication and IP restrictions.

Protect Your Web Applications


As a reverse proxy, the NOC WAF intercepts and inspects all inbound requests to your web application. This level of integration makes it possible to provide advanced mitigation against unknown and known attacks. This also keeps nefarious activity off your origin server, allowing it to perform optimally and reducing the risk of a bad actor abusing security vulnerabilities.

Features include

  • Virtual Hardening at the Edge
  • Virtual Patching of Application Vulnerabilities
  • Mitigation of Remote Exploit Attempts
  • Built for OpenSource CMS Applications
  • Bot Detection and Mitigation
  • Edge Protection of Critical Pages
  • Access Control Protection (incl. Browser Authentication)