Our Customer Portal Has Been Updated! Sign-in, orders, support tickets, and invoices are now managed through our new customer portal.

Go to Portal
Knowledge Base
Rates 47,05 53,95

Firewall & WAF

Firewall & WAF

WebGuard WAF packages with OWASP Top 10 protection, bot blocking, and rate limiting — covering 1–10 sites.

  • OWASP Top 10
  • Bot Blocking
  • Rate Limiting
  • Geo Blocking
  • API Protection
  • Log Retention

WAF Plans

Firewall & WAF Plans and Pricing

WebGuard Starter, Business, and Enterprise plans with 1–10 site protection, 10M–200M requests/mo capacity, and OWASP rules — fixed TRY/USD/EUR monthly pricing.

Prices reflect current hostingturkiye.com.tr list rates (not central bank conversion). Pair with DDoS protection for volumetric attack scenarios.

WebGuard Starter (WAF)

Instant activation · Istanbul

  • 1 site protection
  • 10M requests/month
  • OWASP rules active
  • IP and country blocking
  • 7-day log retention
  • Sites1
  • Requests/mo10M

749.90/Month

Add to cart

WebGuard Enterprise (WAF)

Instant activation · Istanbul

  • 10 site protection
  • 200M requests/month
  • API protection and botnet signatures
  • Geo blocking and rate limiting
  • 99.99% SLA
  • SLA99.99% SLA
  • Sites10
  • Requests/mo200M

11,999.90/Month

Add to cart

3 plans include standard infrastructure

OWASP rules, bot blocking, rate limiting, geo blocking, and log retention are standard on all WAF plans.

  • OWASP Rules Top 10 threat protection
  • Bot Blocking Automated scan and botnet filtering
  • Rate Limiting Brute force prevention
  • Geo Blocking IP and country-based restrictions
  • API Protection API security on Enterprise plan
  • Log Retention 7–30 day log archive

Current pricing · Prices exclude VAT

Guide

About this service

Firewall and WAF services add an application-layer security barrier between the internet and your web applications. Block SQL injection, XSS, and OWASP Top 10 attacks before they reach your server.

Service overview

Hosting Türkiye WebGuard WAF packages inspect HTTP/HTTPS traffic and apply rule sets based on OWASP guidelines. Bot blocking and rate limiting reduce automated attack surfaces.

Who it’s for

  • WordPress and WooCommerce stores
  • Custom web applications and corporate portals
  • API endpoints exposed to the public internet
  • E-commerce platforms handling payment data

WAF vs. network firewall

LayerProtectionExamples
Network firewallPort and IP filteringBlock unauthorized ports
WAFHTTP content analysisBlock SQL injection, XSS

Deploy both for comprehensive coverage.

OWASP Top 10 coverage

WebGuard WAF protects against the most critical web application security risks:

  • Injection attacks (SQL, OS command)
  • Broken authentication and session management
  • Cross-site scripting (XSS)
  • Insecure direct object references
  • Security misconfiguration

Layered defense

Combine WAF with DDoS protection for network-layer filtering, SSL certificates for encrypted transport, and penetration testing for proactive vulnerability assessment.

Support

24/7 support for WAF deployment, custom rule configuration, and incident response.

FAQ

Frequently asked questions

What is a WAF?

A WAF (Web Application Firewall) analyzes HTTP/HTTPS traffic and blocks SQL injection, XSS, CSRF, and OWASP Top 10 attacks before they reach your web application.

What is the difference between a firewall and WAF?

A traditional firewall filters at the network layer by port and IP. A WAF analyzes HTTP request content at the application layer. Both layers together provide comprehensive protection.

Which applications can be protected?

WordPress, WooCommerce, custom web applications, API endpoints, and corporate portals can be protected. Works with web hosting and virtual server infrastructure.

Can WAF be used with DDoS protection?

Yes. DDoS protection filters volumetric attacks at the network layer while WAF blocks application-layer threats. Together they provide layered defense.

What are the plan differences?

WebGuard Starter (1 site), Business (3 sites), and Enterprise (10 sites) differ in site count, rule sets, and rate limiting capacity. Details are on plan cards.

Does WAF block legitimate traffic?

WAF rules are tuned to minimize false positives. Custom rule exceptions can be configured for known legitimate traffic patterns.

Is bot traffic blocked?

Yes. Bot blocking and rate limiting prevent automated scraping, credential stuffing, and brute-force login attempts.

How is WAF deployed?

WAF sits in front of your web application as a reverse proxy or DNS-level filter. Traffic is inspected before reaching your origin server.

Can WAF protect APIs?

Yes. API endpoints are protected against injection attacks, unauthorized access, and excessive request rates through application-layer rules.

Should I run a pentest before deploying WAF?

A penetration test identifies existing vulnerabilities before WAF deployment. WAF then provides ongoing protection against known and emerging threats.

How do I monitor WAF activity?

WAF dashboards show blocked requests, attack types, and traffic patterns. Combine with monitoring & SLA for comprehensive visibility.

What support is available?

24/7 support for WAF configuration, rule tuning, and false positive resolution.

Why Hosting Türkiye?

Support & activation

Our 24/7 support team helps with hosting, email, and SSL questions.

Choose your WAF plan.

Starter, Business, and Enterprise — monthly USD pricing.

Support