Application Shield

Easily ensure secure, compliant and highly available web applications
Play Video

Application Shield is a cloud-based web service protection solution that integrates Web Application Firewall (WAF), DDoS protection and CDN acceleration. Based on CDNetworks central cloud defense engine, it is constantly learning and protecting your web applications from new malicious actors and attack vectors, keeping your business safe and available. 

Application Shield can effectively protect against the OWASP top 10 threats, site scanning activities, web trojans, account take-over attempts, credential stuffing attempts and other web application attacks. In addition, it can provide all-round protection for websites by providing zero-day vulnerability patches, and preventing web page tampering.


OWASP Top 10 Defenses

Hundreds of WAF signatures and policies to defend against the top threats, as published by OWASP, such as injections, directory traversal, XSS and more.

DDoS Attack Protection

Provide both Application-layer and Network-layer DDoS mitigation, to keep your sites and apps durable and always available.

Access Control

Block unwanted users and potential bad traffic by IP address, HTTP headers and other parameters to avoid any web application attacks.

Rate Limitation

Reduce risks of brute-force and other automated attacks by configuring the number of HTTP requests that are allowed to your backend servers per any given time.

Custom Signatures

Improved protection flexibility by creating customized rules and regular expression signatures through user-friendly rule wizards.

Monitoring and Warning

Comprehensive monitoring and alerting services to rapidly notify about any website abnormalities, including Web Application attack and L7 DDoS attack alerting.

A Fully Features and Easily Manageable WAF

With the full functions, you can perform WAF management flexibly and conveniently,

  • WAF dashboard
  • 1000+ Threat Patterns
  • Configurable Access Control
  • Configurable Rate Limiting Policies
  • Customized Rule Exceptions
  • Log & Incident Investigation Tools
WebShell Attack Detection

WebShell Attack Detection

Application Shield can prevent WebShell Trojans in multiple ways. It can block the upload behaviors when files contain suspicious code or are uploading dynamic scripts. In addition, for the WebShell Trojans that have already been uploaded to your origin, the related activities can be blocked through the AI Protection Engine by analyzing the request log of the protected site to determine if it is the access characteristics of WebShell Trojan.

Powerful Intelligence Library

With over 2,800 global Pops, CDNetworks platforms carry enormous Internet traffic, process TB-scale log data daily, including a massive access data and attack/defense samples. In combination with AI machine learning, these platforms are constantly updating defense rules to identify the latest threats.

Zero Day Protection

Zero Day Protection

Protect applications against new threats through an intelligent back-end monitoring, detecting and blocking unwanted behaviors. When Zero Day vulnerabilities are discovered, Application Shield will send the “efficient patch” WAF rules to the entire platform synchronously, forming a “Network-wide Synchronization” protection system to rapidly address Zero Day vulnerabilities.

Visual Dashboard

CDNetworks Application Shield can display application-layer attack information (such as attack trending data, attack details, attack type and source of attack) and intercept attacks in real-time for both DDoS attacks and Web application attacks. You can get an immediate and intuitive picture of your security status by viewing attack trends on the real-time dashboard, filter by domains, attack types, dates and the other parameters.

Visual Dashboard

How it Works

Application Shield is a cloud-based WAF and DDoS protection solution, deployed on CDNetworks global Points-of Presence (PoPs) to detect and defend against web attacks in real-time. This happens at the edge of the network, far before the attack can hit, manipulate or overwhelm the customers’ datacenters and origin servers. CDNetworks’ huge infrastructure also deflects DDoS attacks, keeping them away from smaller, more vulnerable networks.

As customers continue to use the platform, the data gathered is fed to CDNetworks’ big-data system, powered by AI to further process events offline, in near real-time to generate new defense strategies. These strategies are then distributed immediately to all Pops, making the entire defense infrastructure even more effective.