WAF & API protection
Managed rule sets + custom rules + OpenAPI-schema enforcement on every request.
What it is
Inspects every request against three layers: a managed rule set updated daily, your custom rules (boolean DSL over headers/body/geo/JA3), and — uniquely — schema enforcement against your OpenAPI spec (drop requests that don't match the declared shape).
When to use it
- Block OWASP Top-10 with zero config.
- Drop requests that don't match your API's OpenAPI schema (no more 'someone sent us 50KB of garbage').
- Block by JA3 fingerprint, country, IP class.
Quickstart
asc shield waf rules import-openapi example.com ./openapi.yaml
asc shield waf rules add example.com --expression 'ja3.fp eq "abc..."' --action blockclient.shield.waf.import_openapi('example.com', './openapi.yaml')await client.shield.waf.importOpenapi('example.com', './openapi.yaml');Limits & quotas
| Limit | Default | Burst | Notes |
|---|---|---|---|
| Custom rules | 1,000 (Business) | 5,000 | Enterprise |
| Schema-enforced endpoints | Unlimited | — | |
| Managed update cadence | Daily | — |
Pricing
See pricing. Pay-as-you-go, billed monthly via Stripe.
API surface
POST /v1/shield/waf/rulesPOST /v1/shield/waf/openapi/import
Required scope(s): shield.waf:write. See Scopes.
Security
All access is authenticated and scoped. See Auth & scopes and Network controls.