Web Application Firewall


Easy. Efficient. Extensible.

DenyAll Web Application Firewall is the foundation for our next generation application security products. It combines ease of configuration – with its workflow engine and management APIs – with a proven ability to secure web applications. It embeds negative and positive security, in-context, user behaviour analysis, and soon-to-be-added rWeb advanced security engines, to efficiently protect your web applications while minimizing false positives.


Discover why relying on DenyAll WAF is the right decision for you.

Ease of Administration

Because you need your administrators to be productive and agile, not loose time in unnecessarily complex, repetitive tasks.

Effective Security

Because you need to actually block application-layer attacks and don’t want another false positive-prone intrusion detector.

Application Security Innovation

Because you know old recipes don’t work and want to take advantage of innovative approaches in application security.

WAF-DAST Integration

Because you need to discover those unprotected, vulnerable web applications and protect them at the lowest possible cost.

Ubiquitous Security

Because we provide template-based, actionable reports for executives, operational and technical stakeholders.

NextGen Application Security

Because protecting your IT requires an integrated solution, combining scanning, web application & services security and user access.


With DenyAll Web Application Firewall, protect your web sites & applications from defacement, denial of service, data leakage, identity theft and intrusion attempts.

Visual Policy

Configuring policy is as simple as dropping boxes and dragging arrows. Changes are made in a few clicks. Policy can be easily understood by managers, even if they are not application security experts.

Management APIs

Automate key administrative tasks, from the initial creation of tunnels and applications, the configuration of policy, and on-going monitoring and reporting activities.

Web Security

ICX’s generic blacklist signatures, based on known attack techniques, block key OWASP Top 10 attacks such as injections, scripts, etc. Combine it with application learning and whitelisting for maximum security.

Behavior Analysis

Configurable time-based checks help prevent authentication brute force and application-layer denial-of-service attacks, while preconfigured filters limit bots and search engine crawler requests.

Application Learning

Check all incoming URIs, each parameter and all possible values to understand how the site works. Add rules to validate other parts of incoming requests, such as headers.

Log Replay

Use WAF or web server logs to simulate the data running through a new version of the security policy, before validating it, make sure legal requests are not blocked. Or understand what happened, after the fact.

Virtual Patching

Test the efficiency of your WAF policy using DenyAll Vulnerability Manager. Integrate the scan report into DenyAll WAF to virtually patch application-layer vulnerabilities and prevent exploits.


DenyAll WSF adds Web Services specific security features. DenyAll WAM handles Web SSO for users, beyond the authentication methods supported by our WAF (client certificates, SAML, Radius, LDAP)

Contact us to find out more

To arrange a demo or consultation get in touch and we will have the right person respond as soon as possible.

Contact us