How CoreWAF works
No DNS change, no TLS termination, no migration. CoreWAF loads from inside your own site.
From zero to protected in minutes.
No DNS migration, no new networks, no support tickets with your hosting provider.
Create your account
Sign up and add the domain you want to protect. The free trial starts automatically.
Connect your site
One single line in your site and CoreWAF goes live. No DNS, no TLS termination on the way.
Monitor and refine your rules
Hit "Deploy" and rules apply in seconds. Watch hits, blocks, IPs and agents in real time.
Block by IP, User-Agent and URL.
Precise operators: exact, contains, starts, ends. No complex regex, no collateral false positives.
IP and CIDR ranges
Block a specific IP or an entire range using CIDR notation. IPs with an abuse history can be added directly to your blacklist.
User-Agent
Filter bots, scrapers and attack tools by their User-Agent. contains, starts, ends and exact operators to avoid catching legitimate traffic.
URL and paths
Protect critical endpoints by path: admin panel, xmlrpc, wp-login, internal APIs. Same operators as User-Agent.
Priority whitelist
Any whitelist rule takes absolute priority over blacklists. A legitimate user wrongly flagged is unblocked in one click.
Under Attack: full block in one click.
When you're under active attack, enable Under Attack and CoreWAF blocks all traffic except what's on your whitelist. No individual rule changes, no restarts. Disable it once the storm passes.
Your whitelist stays active at all times, even when Under Attack is enabled.
The rules are yours. They run on your server.
CoreWAF downloads a signed payload with your rules directly to your server. The blocking logic runs locally, inside your application, with no dependency on any real-time external call.
If the CoreWAF API stops responding, your existing rules stay active. Your protection does not depend on our uptime.