Web Application Firewall (vWAF) is a security service that helps protect Enterprise web applications from popular forms of web exploitation that may affect the ability to use applications, harm to security or excessive resource consumption.

vWAF gives businesses control to allow or block traffic flow to web applications by specifying customizable web security rules, limiting access numbers, and restricting access to geographic locations.

vWAF helps to prevent common attack patterns, such as SQL injection or insert malicious code by scripting through multiple pages as well as rules designed specifically for business applications.


Why use vWAF?

Protect webs applications against web exploit, ensure network security and data security

Save cost while ensuring the security of web applications



Easy & quick deployment

vWAF can be deployed quickly and easily by operating on VNG Cloud Portal Interface. Using Anycast to distribute traffic to the web from NODEs located at ISPs and the application load balancing as the front end for all root servers. Enterprises will not need additional software to implement except activating vWAF on the right resources.

Increase protection against web attacks

vWAF protects web applications from attacks by filtering traffic bases on self-created rules. For example, Enterprises can filter web requests by IP address, limit the number of visits from the source, limit by geographic location, allowing to block popular attack patterns based on the top 10 rules set of OWASP like SQL injection or insert malicious code by script through multiple pages.

Protect your web application with affordable price

vWAF is provided based on the total number of web traffic and monthly traffic in a customized and self-service form, prices are calculated according to the number of visits, the amount of traffic Enterprises deployed and the number of web requests that Enterprise had used.

Load balancing support for multi backend

vWAF provides load balancing with many methods such as Round Robin, which automatically distributes traffic to many different servers and always ensures only live servers receive it. These methods help ensure High availability for application.

Service packages

Website protection Free trial Small site
Medium site
Business site
Function Protected domain 1 1 2 5
Max request/ month 3,000,000 30,000,000 90,000,000 150,000,000
Volume traffic/ month (GB) 300 1,500 3,000 6,000
Load Balancing Multi Backend Yes Yes Yes Yes
Web DDos Protect IP Repulation (Block list) Yes Yes Yes Yes
Allow IP/ Country | Block IP/ Country Yes Yes Yes Yes
SSL Free Yes Yes Yes Yes
SLL Insert Yes Yes Yes Yes
Request Rate Limited (req/source/s) Yes Yes Yes Yes
Allow Bot Yes Yes Yes Yes
Distribute Services Yes Yes Yes Yes
Web Content Filter Top 10 OWASP Core Rules Yes Yes Yes Yes
Excluded URLs (Chan-sub-url) Yes Yes Yes Yes
Blacklist/Whitelist Yes Yes Yes Yes
Challenge Page Yes Yes Yes Yes


  • - Prices apply for 30-day packages
  • - VAT 10% not included
  • - Free trial package for a month, requires vServer