CLOUD WAF — ALSO AVAILABLE SELF-HOSTED

Stop threats before they reach your websites.

CerberusWaf is a managed Web Application Firewall that protects hundreds of websites from one panel. Point your DNS, we handle the rest — real-time threat detection, anti-bot challenges, IP intelligence, and a SOC-grade dashboard.

  • WAF Pipeline: 12 phases
  • Inspection Latency: <1ms
  • GeoIP Ranges: 300K+
  • Nodes Protected: 70+
  • Datacenters: 3
  • Database Tables: 38
  • Lines of Code: 20K+
  • DC Certifications: SOC 2

Every layer of protection, one panel to rule them all

40+ security modules. Domain-first interface. Multi-tenant. Managed or self-hosted.

WAF Engine

12-phase request pipeline with pattern matching for SQLi, XSS, RCE, path traversal, SSRF, and scanner detection. Audit or block per domain.

Free

Anti-Bot Protection

JavaScript Proof-of-Work challenge with Web Worker computation and HMAC cookie verification. Under Attack mode forces challenge for all visitors.

Starter+

IP Intelligence

Multi-source threat feeds (AbuseIPDB, VirusTotal). Reputation scoring, Tor/VPN/proxy detection, and auto-block by threat level.

Professional

Application Rulesets

Pre-built catalogs for WordPress, WooCommerce, Magento, Laravel, APIs. Pentesting-derived rules for RCE, SSRF, file uploads.

Free

Rate Limiting

Per-domain limits with progressive penalties. Presets for API, login, and general traffic. Burst and connection control.

Free

GeoBlocking

Country-based access control with local GeoIP database — 312K+ ranges, sub-millisecond lookup. Allow, deny, challenge, or log.

Professional

ACL Rules

Match IP, country, User-Agent, referer, URI path. Time windows, day-of-week schedules, and HTTP method filtering.

Professional

SOC Dashboard

World map attack visualization, real-time threat timeline, top attacking IPs with WHOIS, and one-click block/whitelist.

Professional

SSH Discovery

Auto-import domains from remote servers via SSH. Supports Nginx, cPanel, Apache, Plesk with bulk import and deduplication.

Business

SSL / Let's Encrypt

Automated certificate management with Let's Encrypt. Custom upload, auto-renew, and bulk renewal across all domains.

Free

CDN & Load Balancer

Proxy cache with TTL, purge, gzip. Load balancer with round-robin, least-conn, ip-hash. Health checks with auto-failover.

Professional

Multi-Tenant

Client management with domain limits, user roles (superadmin, admin, client), 2FA/TOTP, and full audit trail.

Professional

How CerberusWaf protects your traffic

Your traffic flows through our Nginx reverse proxy with an auth_request-based WAF engine. Every request passes through 12 security checkpoints before reaching your origin.

01

Point your DNS

Change your DNS to CerberusWaf. We handle SSL, caching, and security automatically.

02

WAF Inspection

12-phase pipeline: bot check, IP intel, ACL, rate limit, pattern matching — all in <1ms.

03

Decision

Block (403), challenge (JS PoW), log (audit), or pass. Per-domain config.

04

Proxy → Your Server

Clean traffic proxied to your origin with load balancing, caching, and health checks.

Request Inspection Pipeline
Request → UA Whitelist → Offline → Under Attack → Bot Challenge → IP Whitelist → IP Intel → IP Blacklist → ACL → Rate Limit → WAF Rules → GeoBlock → ✓ Pass

Domain-first. SOC-grade. Dark by default.

Select a domain, everything contextualizes.

Dashboard: acmeshop.io (WAF: DEFENSE, 🔒 SSL, 🤖 Bot)
  • Security Score: 87 A
  • Events 24h: 3,847
  • Blocked: 1,291
  • Challenged: 847
  • Unique IPs: 2,103
  • Req/sec: 42.8
  • Rulesets: 12
[Chart: Threats (24h)]
Threat Map — Top Countries
  • 🇨🇳 China: 847
  • 🇷🇺 Russia: 612
  • 🇺🇸 USA: 384
  • 🇧🇷 Brazil: 271
  • 🇩🇪 Germany: 189
  • 🇮🇳 India: 152
WAF Logs
Time | Action | Category | Severity | IP Address | URI | Domain
14:32:01 | BLOCKED | SQLi | CRITICAL | 185.220.101.34 | /wp-login.php?redirect_to=... | acmeshop.io
14:32:01 | BLOCKED | XSS | HIGH | 45.134.26.91 | /search?q=<script>alert(1) | dashboard.novex.dev
14:32:02 | CHALLENGED | Bot | MEDIUM | 192.241.213.5 | /api/v2/products | acmeshop.io
14:32:03 | BLOCKED | RCE | CRITICAL | 103.75.201.88 | /cgi-bin/test-cgi?cmd=ls | portal.brighthr.co
14:32:04 | BLOCKED | Scanner | LOW | 167.94.138.12 | /.env | acmeshop.io
14:32:05 | BLOCKED | Path Trav | HIGH | 89.248.165.5 | /../../../../etc/passwd | store.greenleaf.com
14:32:06 | CHALLENGED | Rate Limit | MEDIUM | 51.15.42.88 | /login | dashboard.novex.dev
6 Applications (6/100)
acmeshop.io
DEFENSE🔒 SSL🤖 Bot
→ 45.33.×.×:4431,847 events
dashboard.novex.dev
DEFENSE🔒 SSL🤖 Bot
→ 192.168.×.×:80923 events
portal.brighthr.co
AUDIT🔒 SSL
→ 10.0.×.×:443341 events
api.acmeshop.io
DEFENSE🔒 SSL
→ 45.33.×.×:80802,103 events
blog.novex.dev
OFF🔒 SSL
→ novex.dev (301)No events
staging.acmeshop.io
AUDIT
→ 10.0.×.×:300087 events
  • TOTAL CHALLENGES: 2,847
  • VERIFIED ✓: 1,923
  • FAILED ✗: 891
  • EXPIRED: 33
Challenge Config
  • Enabled: ON
  • Mode: JS Proof-of-Work
  • Difficulty: 18 bits
  • Cookie TTL: 3600s
  • Under Attack: OFF
Top Failed IPs
  • 🇷🇺 185.220.101.34 | 47× | BAN
  • 🇨🇳 103.75.201.88 | 31× | BAN
  • 🇺🇸 167.94.138.12 | 22× | BAN
  • 🇳🇱 89.248.165.5 | 18× | BAN
Time | IP Address | Result | Country | User Agent
14:31:58 | 185.220.101.34 | FAILED | 🇷🇺 RU | Python-urllib/3.9
14:31:55 | 45.134.26.91 | VERIFIED | 🇺🇸 US | Mozilla/5.0 Chrome/120
14:31:52 | 103.75.201.88 | FAILED | 🇨🇳 CN | Go-http-client/1.1
14:31:48 | 51.15.42.88 | VERIFIED | 🇫🇷 FR | Mozilla/5.0 Firefox/121
14:31:44 | 167.94.138.12 | FAILED | 🇺🇸 US | Nuclei v2.7.3

See every feature in action

Real interface screenshots from the CerberusWaf management panel.

Rate Limiting — acmeshop.io
Endpoint | Limit | Window | Action | Hits
/api/* | 100 req | 60s | CHALLENGE | 2,847
/login | 5 req | 300s | BLOCK | 891
/wp-admin/* | 30 req | 60s | BLOCK | 423
Global | 500 req | 60s | CHALLENGE | 12
GeoBlocking — acmeshop.io
  • 🇨🇳 China: BLOCK
  • 🇷🇺 Russia: BLOCK
  • 🇻🇳 Vietnam: CHALLENGE
  • 🇮🇩 Indonesia: CHALLENGE
  • 🇮🇳 India: LOG
  • 🇺🇸 USA: ALLOW
  • 🇬🇧 UK: ALLOW
  • 🇨🇱 Chile: ALLOW
Default action: ALLOW · GeoIP DB: 312,847 ranges · Last update: 2h ago
IP Intelligence
IP Address | Score | Sources | Type | Action
185.220.101.34 | 98 | AbuseIPDB, VT | TOR EXIT | AUTO-BLOCK
103.75.201.88 | 92 | AbuseIPDB | VPN | AUTO-BLOCK
167.94.138.12 | 74 | Shodan | SCANNER | CHALLENGE
51.15.42.88 | 61 | AbuseIPDB | PROXY | LOG
48,291 entries · Auto-block threshold: 85 · Feeds synced: 4m ago
SSL Certificates
Domain | Issuer | Expires | Status
acmeshop.io | Let's Encrypt | 2026-05-18 | ✓ VALID
dashboard.novex.dev | Let's Encrypt | 2026-05-12 | ✓ VALID
portal.brighthr.co | Sectigo RSA | 2026-11-03 | ✓ VALID
api.acmeshop.io | Let's Encrypt | 2026-03-08 | ⚠ RENEWING

Simple pricing. Per domain. No surprises.

Start free, scale as you grow. No per-request fees, no bandwidth limits.

Free
For personal projects & testing
$0
forever · up to 5 domains
  • WAF audit mode
  • Basic rate limiting
  • SSL / Let's Encrypt
  • Security headers
  • Application rulesets (3)
  • 24h log retention
  • Anti-bot protection
  • IP Intelligence
  • GeoBlocking / ACL
Business
For hosting providers & MSPs
$29
/domain/month · or bundles from $19.90
  • Everything in Professional
  • REST API access
  • Client portal
  • PDF / Excel reports
  • Webhook & Telegram alerts
  • CDN & load balancer
  • 90-day log retention
  • Priority support (4h SLA)
  • Prometheus metrics

Volume discounts — the more domains, the less you pay

6–10 domains: 10% off · 11–25: 20% off · 26–50: 30% off · 51+: custom pricing


Enterprise — Unlimited domains, white-label, SSO

Custom pricing for large-scale deployments. Dedicated support with 1h SLA.

Self-Hosted licenses — coming soon
Install CerberusWaf on your own server. Same features, full data sovereignty. Join the waitlist.

All plans include SSL, security headers, and basic auth. Annual billing saves 20%.

Protecting your first domain takes 3 minutes

No installation. No server configuration. Just sign up, add your domain, and update your DNS.

1
Create your account
Sign up for free at app.cerberuswaf.com. No credit card required. Your Free plan includes 5 domains.
2
Add your domain & upstream
Enter your domain and the IP of your origin server. CerberusWaf auto-configures SSL, security headers, and WAF rules.
3
Update your DNS
Point your domain's A record to the CerberusWaf edge IP we provide. Traffic starts flowing through our WAF immediately.

Zero infrastructure to manage

Your traffic is proxied through CerberusWaf's infrastructure across datacenters in Miami, Tampa, and Santiago. We handle Nginx, SSL certificates, GeoIP databases, threat feeds, and all security updates.

  • SOC 2, ISO 27001, PCI-DSS certified DCs
  • Auto SSL via Let's Encrypt
  • 312K+ GeoIP ranges updated weekly
  • Multi-feed threat intel (AbuseIPDB, VirusTotal)
  • 99.9% uptime SLA on paid plans
  • Dashboard at app.cerberuswaf.com

Your traffic. Your rules. Our infrastructure.

Start free with 5 domains. Upgrade as you grow. No server to manage, no installation required.