Web Application Protector Intro Image

Web Application Protector

Simple, powerful web application security

With limited security expertise, protecting your web applications is a daunting task. Web Application Protector provides automated web application firewall (WAF) and distributed denial-of-service (DDoS) protection that’s designed to offload the complexity associated with a traditional WAF. Easy to deploy and manage, Web Application Protector is backed by the scale and reliability of the Akamai Intelligent Edge Platform ― so you worry less about threats and focus more on growing your business.

Download the Product Brief
Akamai WAP Video Thumbnail
???Watch the Video???


Keep protection current

WAF leverages insights gained from hundreds of Akamai security experts and the latest machine learning algorithms — analyzing several petabytes of threat data — to keep protections current. With automatic rule updates, you don’t need to keep track of the latest security threats yourself.

Detect threats out of the box

Akamai interacts with 1.3 billion devices and harvests 130 TB of threat data every single day, discovers new threat vectors as they evolve, and continuously updates WAF rules. Akamai WAF detection logic is so advanced that it often catches zero-day attacks.

Deploy and manage easily

A sophisticated security tool doesn’t need to be complex. Web Application Protector uses automation to simplify the setup and tuning of security policies. It bundles rules and detection logic into eight categories for easier tuning, and they’re updated on an ongoing basis by Akamai security experts.

Protect your growing attack surface

Today’s more digitally connected environments process more API traffic than ever before. Web Application Protector extends the same high level of protection to your APIs, automatically inspecting all JSON and XML content for risks.

Control bot traffic

Don’t let the wrong kind of traffic slow down or interrupt your online business. Web Application Protector stops noisy bots, preventing large volumes of automatic traffic from overwhelming your applications or infrastructure.

Secure applications across environments

Protect your applications wherever they reside ― on premises, in the cloud, or across multiple cloud providers ― with a single security solution. Respond quickly to business needs by simplifying security management.

Zero-second DDoS Mitigation SLA

Web Application Protector automatically drops network-layer DDoS attacks at the edge – and is backed by an industry-leading time-to-mitigate SLA.

How It Works

WAP Reference Architecture

Online traffic connects to your web applications through the closest Akamai edge server with Web Application Protector. The server inspects web traffic to detect and block DDoS and web application attacks, while delivering web content to legitimate users. Backed by the Akamai Intelligent Edge Platform of more than 240,000 servers around the world, Web Application Protector is designed to scale to stop the largest attacks at the edge ― before they reach your applications.

Web Application Protector DDoS and application-layer security simplify the task of securing your applications with automated updates to security protections. With visibility into attacks against thousands of Akamai customers, advanced machine learning algorithms continuously refine security policies — and transparently update your configuration without requiring human intervention.


Quick deployment

Web Application Protector allows you to deploy your security configurations in just a few clicks to protect your applications faster.

Precise detection

By evaluating changing attack patterns on the Akamai platform and updating detection logic, Web Application Protector provides precise threat identification without requiring you to manage security policies.

Automatic API inspection

Web Application Protector automatically inspects JSON and XML traffic for attacks using the same signatures as traditional web traffic.

DDoS protection

Defending your applications from DDoS attacks, Web Application Protector is designed to automatically drop network-layer attacks at the edge and respond to application-layer attacks within seconds to minimize any downtime.

Automated updates

Leveraging visibility into the latest attacks on the largest online organizations, Akamai continuously and transparently updates Web Application Protector security protections to save you time and effort.

Improved performance

Benefit from performance enhancements on the Akamai content delivery network, such as advanced offload capabilities, to improve website performance even when under attack.

Akamai Insights


Use Cases

Hybrid cloud security

Security teams responsible for protecting applications deployed across multiple cloud environments can leverage a single set of controls to maintain a consistent security posture. Akamai security makes it easy for you to scale resources to quickly meet business demands.
Learn More

DDoS defense

Web Application Protector provides always-on protection for DDoS attacks. Supported by the Akamai Intelligent Edge Platform that delivers more than 72-82 Tbps of traffic, Web Application Protector is designed to respond to network and application-layer attacks within seconds with the capacity to absorb the largest, most aggressive DDoS attacks.

API protection

Web Application Protector provides fully automated API security. Detection logic automatically inspects JSON and XML requests for risks without special configuration. Easy-to-tune detection logic allows you to adjust settings for your specific business needs.

1The Forrester Wave™ is copyrighted by Forrester Research, Inc. Forrester and Forrester Wave are trademarks of Forrester Research, Inc. The Forrester Wave is a graphical representation of Forrester’s call on a market and is plotted using a detailed spreadsheet with exposed scores, weightings, and comments. Forrester does not endorse any vendor, product, or service depicted in the Forrester Wave. Information is based on best available resources. Opinions reflect judgement at the time and are subject to change.

2Gartner Magic Quadrant for Web Application Firewalls, Jeremy D’Hoinne, Adam Hils, Claudio Neiva, Rajpreet Kaur, 17 September 2019.

This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Akamai.

Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.