Intelligence and coverage
in front of every request.

Your application is under attack all the time. The WAF analyzes every request before it reaches your server, blocks malicious ones, and lets legitimate traffic through with no impact for the user.

Request free trial View plans

Defense in depth.

Managed rules

Broad coverage maintained and updated automatically. New threats are incorporated without your team's intervention, from day one.

Automatic updates No manual configuration

Behavioral AI

Real-time analysis of payload, session, and access pattern anomalies. Detects signatureless threats that static rules miss.

Session anomaly Zero-day

Bot protection

Malicious automation identified by session fingerprint, access rate, and behavior pattern. Bots are challenged or blocked before reaching any endpoint.

JS challenge Rate analysis

Network reputation

Real-time IP reputation, geolocation, abuse history, and ASN classification. Network context enriches every decision even before content analysis.

IP reputation ASN & geo

Rate limiting

Rate control by route, method, and origin. Automatic reaction to anomalous request patterns without impacting legitimate traffic.

By route By IP

Controle de acesso

Access control

Restriction by geographic origin, ASN, and IP allowlist per route. Define who can access each part of your application without changing the code.

Geo-blocking IP allowlist
Observability

Every decision logged with full context.

Knowing an attack was blocked is just the beginning. The WAF logs the route, origin, category, and rule that acted on every request, so your team has full context without digging through raw logs.

Route, origin, category, and rule triggered in every event
Decision reasoning visible directly in the dashboard
Event history by domain and time interval
False positive identification and quick adjustment

Live edge decisions

Protected application

online
185.220.x.xPOST
/api/auth/login
91.109.x.xGET
/admin/config
186.x.x.xPOST
/checkout/starter
Vorpcel WAF decision edge
Behavior anomalyblocked
Brute force pattern
Network reputationblocked
High-risk origin
Legitimate sessionallowed
Score 0.06
Last 5 minutes 12 blocked · 847 allowed · 1.8ms avg

How it works

From setup to live traffic
protected in minutes.

1

Add your application

Create the environment in the dashboard and enter the origin domain or IP. No code changes required.

2

Activate protection

With the domain configured, traffic starts flowing through the WAF in minutes. No maintenance window, no impact for users.

3

Track with context

Every decision logged with route, origin, category, and rule triggered. Full visibility without digging through raw logs.

Control

Broad protection, adapted to your context.

The WAF comes with broad coverage from day one, but your business has unique routes, flows, and patterns. Create custom rules, calibrate sensitivity per route, and adapt the policy without compromising the default coverage.

Custom rules
Create rules for routes, IPs, headers, and parameters specific to your product.
Sensitivity per route
Distinct policies for the admin panel, public API, and checkout, without global configurations.
Monitor mode
Start in monitor mode to understand traffic before enabling active blocking.
False positive management
Mark exceptions and adjust rules directly in the dashboard when needed.

Policies per route

Protected application

● Active
Rota Camadas Modo
/api/admin/* WAF · IP allowlist STRICT
/api/* WAF · AI · Rate limit STANDARD
/checkout/* WAF · Bots · IA STRICT
/auth/* WAF · Rate limit STANDARD
/static/* Basic WAF RELAXED
7 custom rules · 650 managed ● Active blocking

Place the WAF
in front of your application.

Free trial, no credit card required. Configure your first domain and monitor events in the dashboard.

Request trial View plans