Web Application

Security

Get your web applications and services protected against DDoS attacks (L3, L4, L7), hacking threats and malicious bot activities with an all-in-one web security solution by Gcore.

Shield

Key benefits

Keep your service available even under the strongest attacks

Stay focused on your primary business and not on web security fortifications

Protect your application from different attack vectors without harming performance

Save money by avoiding costly web filtering and network appliances

Security features

  • Globally distributed network to filter all traffic around the world
  • Our growing distributed network capacity will always exceed any single DDoS attack
  • Protect against low-rate attacks from their first request
  • Advanced load balancing algorithms for better availability
  • False positive rate is less than 0.01%
  • Block malicious sessions, not IPs
Web Application Security by client infrastructure
On-premises Web Security Servers
Client's Web Server
Web Application Security by Gcore Network
Gcore Global Network
Client's Web Server

Web Application Firewall

Web Application Firewall (WAF) employs real-time monitoring and machine learning to protect users' credentials and prevent digital assets loss.

  • Prevent user credentials theft
  • Protect the service from unauthorized access
  • Reduce the risk of personal data leaks
    • DDoS protection layer detects and filters incoming traffic

    • WAF scans requests' signatures and blocks the access if malware is found

    • Client's application remains protected and safe for the users

    Web Security Module
    DDoS
    Layer
    WAF
    Layer
    Bot
    Layer
    Web Application Firewall
    Client's Web Server

    How WAF works

    • Scanning of incoming traffic in real-time
    • Verifying traffic according to existing rule set
    • Scoring the requests features based on the set weights
    • Blocking requests if their total score exceeds the threshold
    Protect from different hacking attacks:
    • Cross-Site Request Forgery (CSRF)
    • Cross-Site Scripting (XSS)
    • Local File Inclusion (LFI)
    • Remote File Inclusion (RFI)
    • SQL Injection (SQLi)
    • Other OWASP Top 10 threats
    Learn more about WAF →

    API security

  • JSON-based APIs (including CRUD, REST, and customs APIs)
  • SOAP APIs
  • XMLRPC and customs XML-based APIs
  • Open Banking APIs
  • API security

    Bot protection

    Bot protection prevents online services from overloading and keeps your business workflow running smoothly.

  • Mitigate website fraud attacks
  • Eliminate request form spamming
  • Prevent brute-force attacks
  • Protect from different bot activities:

    • Web Content Scraping
    • Account Takeover
    • Form Submission Abuse
    • API Data Scraping
    • TLS Session Attacks
    Connect Bot Protection
    • Bots mimic user activity to perform inappropriate operations

    • Bot protection module detects robotic activities and drops the connections

    • Client's workflow communicates only with real users

    Web Security Module
    DDoS
    Layer
    WAF
    Layer
    Bot
    Layer
    Bot Protection
    Client's Web Server

    Testimonials & Success Stories

    • Gcore is one of our key partners for successful distribution of Black Desert Online in Latin America. Resilient and agile, Gcore exceeded all expectations.

      David Son

    • Having a reliable and quick-to-respond hosting partner is crucial to the success of an MMO game like Albion Online. Gcore delivers just that. Whether it was the implementation of an advanced DDoS protection solution for our game, or resolving the connectivity issues of individual players, the Gcore technicians have been there for us 24/7. Always helpful, professional and dedicated.

      David Salz

    • Gcore provided us with not only quality infrastructure, but also excellent technical support when connecting the service.

      Nathan Ihlenfeldt

    Plans

    start+ pro Enterprise

    VALUES

    55 /mo.

    No credit card required

    Custom

    Guaranteed availability (SLA)

    >99.5%

    >99.9%

    Protection from network and transport layer DDoS attacks (L3, L4)

    Unlimited

    Unlimited

    Protection from application layer DDoS attacks (L7)

    Unlimited

    Unlimited

    Number of protected resources

    1

    1

    Technical support

    8/5

    24/7

    Protection for 1 additional resource per month

    €55

    Per request

    Legitimate traffic included*

    3 Mbps

    Per request

    Traffic charge above quota (per Mbps)

    €10

    Per request

    1 additional IP address for client’s domain protection

    €130

    Per request

    Issuing and support of SSL certificates per certificate per month

    €2

    Per request

    Web Application Firewall

    Per request

    Bot protection (parsing/brute-force protection) per Mbps

    €5

    HTTPS filtering without key disclosure per resource per month

    €115

    start+

    55/mo.

    No credit card required

    Guaranteed availability (SLA)

    >99.5%

    Protection from network and transport layer DDoS attacks (L3, L4)

    Unlimited

    Protection from application layer DDoS attacks (L7)

    Unlimited

    Number of protected resources

    1

    Technical support

    8/5

    Protection for 1 additional resource per month

    €55

    Legitimate traffic included*

    3 Mbps

    Traffic charge above quota (per Mbps)

    €10

    1 additional IP address for client’s domain protection

    €130

    Issuing and support of SSL certificates per certificate per month

    €2

    Web Application Firewall

    Bot protection (parsing/brute-force protection) per Mbps

    HTTPS filtering without key disclosure per resource per month

    165/mo.

    No credit card required

    Guaranteed availability (SLA)

    >99.9%

    Protection from network and transport layer DDoS attacks (L3, L4)

    Unlimited

    Protection from application layer DDoS attacks (L7)

    Unlimited

    Number of protected resources

    1

    Technical support

    24/7

    Protection for 1 additional resource per month

    €55

    Legitimate traffic included*

    5 Mbps

    Traffic charge above quota (per Mbps)

    €8

    1 additional IP address for client’s domain protection

    €130

    Issuing and support of SSL certificates per certificate per month

    €2

    Web Application Firewall

    Bot protection (parsing/brute-force protection) per Mbps

    €5

    HTTPS filtering without key disclosure per resource per month

    €115

    Enterprise

    Custom

    Guaranteed availability (SLA)

    >99.9%

    Protection from network and transport layer DDoS attacks (L3, L4)

    Unlimited

    Protection from application layer DDoS attacks (L7)

    Unlimited

    Number of protected resources

    1

    Technical support

    24/7

    Protection for 1 additional resource per month

    Per request

    Legitimate traffic included*

    Per request

    Traffic charge above quota (per Mbps)

    Per request

    1 additional IP address for client’s domain protection

    Per request

    Issuing and support of SSL certificates per certificate per month

    Per request

    Web Application Firewall

    Per request

    Bot protection (parsing/brute-force protection) per Mbps

    €5

    HTTPS filtering without key disclosure per resource per month

    €115

    * Legitimate traffic (billable traffic) is prevailing clean traffic (usually incoming traffic from a client). The average bandwidth of incoming and outgoing clean traffic is calculated separately every minute (Mbps). Statistics for the month are collected and 5% of the highest values are discarded (36 hours). Then the maximum figure for each direction is weighted (95th percentile). The larger of these two figures is the bandwidth of legitimate (billable) traffic.

    Prices are shown minus VAT.

    Contact us to get a personalized offer