CerberusWaf is a managed Web Application Firewall that protects hundreds of websites from one panel. Point your DNS, we handle the rest — real-time threat detection, anti-bot challenges, IP intelligence, and a SOC-grade dashboard.
40+ security modules. Domain-first interface. Multi-tenant. Managed or self-hosted.
12-phase request pipeline with pattern matching for SQLi, XSS, RCE, path traversal, SSRF, and scanner detection. Audit or block per domain.
FreeJavaScript Proof-of-Work challenge with Web Worker computation and HMAC cookie verification. Under Attack mode forces challenge for all visitors.
Starter+Multi-source threat feeds (AbuseIPDB, VirusTotal). Reputation scoring, Tor/VPN/proxy detection, and auto-block by threat level.
ProfessionalPre-built catalogs for WordPress, WooCommerce, Magento, Laravel, APIs. Pentesting-derived rules for RCE, SSRF, file uploads.
FreePer-domain limits with progressive penalties. Presets for API, login, and general traffic. Burst and connection control.
FreeCountry-based access control with local GeoIP database — 312K+ ranges, sub-millisecond lookup. Allow, deny, challenge, or log.
ProfessionalMatch IP, country, User-Agent, referer, URI path. Time windows, day-of-week schedules, and HTTP method filtering.
ProfessionalWorld map attack visualization, real-time threat timeline, top attacking IPs with WHOIS, and one-click block/whitelist.
ProfessionalAuto-import domains from remote servers via SSH. Supports Nginx, cPanel, Apache, Plesk with bulk import and deduplication.
BusinessAutomated certificate management with Let's Encrypt. Custom upload, auto-renew, and bulk renewal across all domains.
FreeProxy cache with TTL, purge, gzip. Load balancer with round-robin, least-conn, ip-hash. Health checks with auto-failover.
BusinessClient management with domain limits, user roles (superadmin, admin, client), 2FA/TOTP, and full audit trail.
ProfessionalPentesting-derived rule catalogs covering OWASP Top 10, CMS platforms, API abuse, protocol attacks, and more.
Your traffic flows through our Nginx reverse proxy with an auth_request-based WAF engine. Every request passes through 14 security checkpoints before reaching your origin.
Change your DNS to CerberusWaf. We handle SSL, caching, and security automatically.
14-phase pipeline: bot check, IP intel, ACL, rate limit, pattern matching — all in <1ms.
Block (403), challenge (JS PoW), log (audit), or pass. Per-domain config.
Clean traffic proxied to your origin with load balancing, caching, and health checks.
Most WAFs run every check on every request. CerberusWaf's pipeline is ordered cheapest-first: if a request is blocked at phase 2, phases 3–12 never execute.
UA flags, Offline mode, Bot cookie, IP white/blacklist — simple lookups in memory. This alone stops 40–60% of malicious traffic.
GeoBlock, IP Intel, Rate Limit, ACL, CMS Auth — fast indexed lookups and counters. These catch 20–30% more threats before regex.
WAF Rules + Rulesets — regex pattern matching. By now 60–80% of bad traffic has been blocked. Only clean requests pay full cost.
CerberusWaf generates standard Nginx configuration files. No proprietary format, no vendor lock-in.
Select a domain, everything contextualizes. Auto-cycling preview — hover to pause.
Start with a 7-day free trial. No per-request fees, no bandwidth limits.
6–10 domains: 10% off · 11–25: 20% off · 26–50: 30% off · 51+: custom pricing
Custom pricing for large-scale deployments. Dedicated support with 1h SLA.
Install CerberusWaf on your own server. Same features, full data sovereignty.
All plans include SSL, security headers, and basic auth. Annual billing saves 20%.
No installation. No server configuration. Just sign up, add your domain, and update your DNS.
Your traffic is proxied through CerberusWaf's infrastructure across datacenters in Miami, Tampa, and Santiago.
Start your 7-day free trial with 3 domains. Upgrade as you grow. No server to manage.