OakWall WAF — Advanced Security & Anti-DDoS Gateway
OakWall is a cloud-based Web Application Firewall providing enterprise-grade protection for your web applications and APIs.
Automatic L3/L4/L7 DDoS detection and mitigation. Provider-level scrubbing combined with custom WAF rules on every edge node. Protects against volumetric floods, SYN floods, HTTP floods, Slowloris, and application-layer attacks.
Per-IP reputation engine with burst window analysis, unique-path scanner detection, and honeypot integration. Blocks SQL injection, XSS, path traversal, command injection, and OWASP Top 10 threats in real time.
PowerDNS-backed authoritative DNS with ALIAS record flattening for apex domains, DNSSEC signing, geo-based routing, and sub-millisecond query resolution. Supports A, AAAA, CNAME, ALIAS, MX, TXT, NS, SRV, CAA, and PTR record types.
Zero-configuration Let's Encrypt certificate provisioning and automatic renewal. TLS 1.3 support, HSTS headers, OCSP stapling, and strong cipher suite selection out of the box.
WebSocket-powered live feed of every request and threat with sub-100ms latency. Traffic analytics, geo-distribution maps, top IP tracking, threat type classification, and attack timeline visualization.
Cloudflare-style "Under Attack" mode with proof-of-work puzzle challenges. Filters automated bot traffic while allowing legitimate users through with minimal friction.
Key Security Features
- Rate limiting with configurable requests-per-minute and burst thresholds
- IP blocklist and allowlist management
- Custom WAF rules with pattern matching on URI, query, headers, body, IP, and user agent
- Security headers: HSTS, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Content-Security-Policy
- Force HTTPS redirect and WWW redirect options
- Custom error pages for 403, 502, and maintenance mode
- Cache control with TTL and bypass rules
- API key authentication for programmatic access
- Team collaboration with multi-user domain access
- Telegram alert integration for real-time attack notifications
Architecture
OakWall operates as a reverse proxy sitting between your visitors and origin server. All incoming traffic passes through our edge filtering layer where it is analyzed by the behavioral WAF engine, checked against IP reputation databases, validated against custom rules, and either allowed through to your origin or blocked. DNS queries are served by our PowerDNS authoritative nameservers (ns1.oakwall.mom, ns2.oakwall.mom) with anycast routing.
Setup
Getting started takes under 5 minutes: register an account, add your domain, update NS records to ns1.oakwall.mom and ns2.oakwall.mom, and OakWall handles the rest — DNS propagation, SSL provisioning, and WAF activation are fully automatic.
Pro — $19/month: 10 domains, Behavioral WAF, Custom rules, Real-time dashboard, Priority support.
Enterprise — $150/month: Unlimited domains, 8+ dedicated edges, Custom WAF tuning, SLA 99.99%, Dedicated engineer.
Start protecting your domains now →