How It Works

Catch22 WAF provides full-time protection for your websites and applications by analyzing all traffic and only allowing legitimate and authorized access. Simply:

  • Point your website, application, or API to Catch22.
  • Review the standard WAF policies that are active by default.
  • Deactivate or customize any standardized policies as desired.
  • Create customized WAF rules and IP whitelists and blacklists if necessary.

Intelligent Protection

Catch22 WAF is designed to require zero-touch configuration and to keep getting smarter as it is used. Traffic is constantly analyzed to profile behavior, detect inconsistencies, and determine reputation, leveraging advanced intelligence algorithms and expert security analysts. Every attack makes our WAF smarter and even more secure from emerging threats.

Layer 7 DDoS Attacks

All incoming traffic is constantly measured; if a threshold is exceeded, an attack is suspected and all traffic is challenged to verify it is coming from a human.

Cross-site Scripting

Block attackers from injecting client-side scripts into web pages to bypass typical access controls and dupe end users.

Automated Traffic (Bots)

State-of-the-art detection technologies, including device fingerprinting, protect against automated traffic with an unparalleled level of precision and control.

SQL Injection

Protect against malicious SQL statements being entered into input fields and executed by an underlying SQL database of a vulnerable website or application.

OWASP Top 10 Threats

Policies protecting against the top ten security threats identified by the Open Web Application Security Project are active by default.

Your WAF. Your rules.

Catch22 WAF comes with an extensive set of smart policies, but you can create sophisticated rules to meet your specific needs, based on traffic data including URL requested, IP, country, and more, or data from within the Catch22 platform such as traffic rates.

Easily Create New Rules

An easy-to-use rules editor makes it simple to select and define rule variables and the actions the rule should put into effect.

Deploy Instantly Worldwide

Custom rules are deployed and activated globally at the push of a button. No more waiting for someone else to respond to a ticket or request.

Layer 7 DDoS Protection

Catch22 WAF automatically protects against Layer 7 DDoS attacks, the largest and most common types of attacks. The WAF measures and analyzes all traffic coming through it; if a domain threshold, burst threshold, or sub-second burst threshold (all of which can be customized) is exceeded, the WAF suspects an attack and challenges traffic to verify it is coming from a human.

Customize Thresholds

Predefined thresholds can be configured per domain, allowing protection to be customized to the domain’s acceptable traffic profile.

White List Traffic Sources

Known legitimate traffic sources, like search engines, are allowed through even during a DDoS attack.

Real-time Monitoring & Analytics

Catch22 provides real-time insights into your website traffic and security events.

Real-time Traffic

Get real-time insights into your web application security events.


Catch22 provides information about the country and organization your visitors are coming from.

Analyze Security Events

You don’t need to be a security expert to analyze your web application security events; full details about each event are available within the WAF event management.

More Statistics

Information about the top threat actions, origins, and the most active rules provides an extra layer of detail that helps you gain more insight into the malicious traffic that was blocked.

Protection All Around the World

Catch22 WAF runs in all of our edge locations around the world, providing your websites and applications global security in one single service.

Load Balancing

Get started today

Get CDN, WAF, DNS, and Monitoring all in one package. First month free on select Plans.

Basic Plan I
For basic websites and blogs with standard content and average traffic levels.
$49 /month
  • BANDWIDTH – 1TB/mo Bandwidth
  • WEBSITE – 1 Website with 5 WAF Rules
  • REQUEST – 1M/mo Requests
  • Monitoring – 1 Service
For Advance Grades websites and blogs with limited content and average traffic levels.
$99 /month
  • BANDWIDTH – 2TB/mo Bandwidth
  • WEBSITE – 5 Websites with 5 WAF Rules
  • REQUEST – 5M/mo Requests
  • Monitoring – 5 Services
For professional websites and blogs with standard content and average traffic levels.
$149 /month
  • BANDWIDTH – 5TB/mo Bandwidth
  • WEBSITE – 10 Websites with 5 WAF Rules
  • REQUEST – 10M/mo Requests
  • Monitoring – 10 Services