R&S®Web Application Firewall

Defend your critical applications, APIs from advanced cyber threats

with powerful custom workflows.

The challenges of legacy web application firewalls (WAFs)​


High false positive rate​

Most WAFs do not provide an easy way to manage false positives, which results in high administrative costs.

Cloud Protector to update the WAF

Patching flaws in production

It takes over one month to patch a critical vulnerability. Updating an app to address this can lead to side effects, affecting the business.

Cloud Protector to scale in the cloud

Attacks on web applications

Attacks listed on OWASP Top 10 list, zero day attacks, API security threats etc still pose a major threat to web applications.

What’s possible with R&S®Web Application Firewall?

Navigate the intuitive interface with graphical workflow technology

R&S®Web Application Firewall has a smart and graphical management interface that helps visualizing the processing and flow of traffic. Chain multiple security engines via the workflow for accurate detection and reduced false-positive rate. You can switch from blocking to logging mode on all or specific parts of the security policy with just a click.

Boost the security of APIs with extra engines

Available as an optional feature, Extended API Security (EAS) allows additional engines to be activated in the workflow to strengthen your API security and extend it to custom applications and machine-to-machine communication. It helps validate JSON/XML structure using schemas and path using Swagger for sitemap. EAS enables businesses and public authorities to maintain the agile advantage of API-led development while ensuring security and compliance.

Detect and mitigate malicious bots, ensuring legitimate traffic

Malicious human-like bots that are hard to detect cause most web attacks. Bot mitigation is another smart feature that verifies the source of a traffic request (a human or a machine) and then controls the demand via a challenge-based protection technique.

Avoid false positives with automatic & advanced resolution

The more accurate a security model is in identifying an attack, the lower the false positives. It is not only important how fast an exception is created but also how accurate it is. The automatic resolution feature automatically creates exceptions in security exception profiles and allows the resolution of one to several hundred logs at the same time.

Adapt to IP reputation, user behavior, and context specific scenarios

This solution uses Webroot’s real time threat intelligence database to protect customers against threats posed by IP addresses. It manages both blacklists and whitelists. It is able to work with Swagger or OpenAPI files and enforce them. In addition, it employs the ML- powered scoring model to increment a score and if score is above defined limit, request is blocked and redirected.

Predefine and customize dashboards for advanced monitoring, reporting

R&S®Web Application Firewall monitors user activity in context to prevent attacks targeting the application logic and blocks abnormal behavior. The reports combine executive level, managerial and technical views, support customizable templates and show evolution (diff) over time. They are available in four formats (PDF, XML, CSV, and MHT) and multiple languages.

What makes us stand out?

Cloud Protector high level availability

Robust Security

Multiple security engines

environnements hybrides

Ease of use

Unique workflow visualization that caters to even specific off-road security scenarios


Flexible deployement

On-premises and in the cloud marketplaces

Additional products


Web Access Manager

Simplify access and increase application security with R&S®Web Application Firewall


Extended API Security

Enhance R&S®Web Application Firewall with an effective API security strategy


Management Console

Centralize configuration, management and monitoring of all instances in R&S®Web Application Firewall

It's time to move to the Cloud

Browse our Marketplaces offers now to defend your cloud-deployed applications too!

Amazon Marketplace
Microsoft Azure Marketplace
GCP Marketplace

See our featured content


Key considerations when choosing a web application firewall

This white paper digs into the key considerations for selecting a powerful WAAP that combats all your problems.

SNCF Connect customer testimonial

This video highlights how Oui SNCF took advantage of automation and advanced integration in AWS.